AIX Fast Connect for Windows Overview

Since AIX Fast Connect for Windows uses the Microsoft networking protocol, PC clients can access AIX files and printers using their native networking client software. PC users can use remote AIX file systems directly from their machines as if they were locally stored, and they can print jobs on printers using the AIX spool system, view available printers, and map a printer as a network printer.

Fast Connect provides these services by implementing the Server Message Block (SMB) networking protocol on top of the Network Basic Input/Output System (NetBIOS) over the Transmission Control Protocol/Internet Protocol (TCP/IP), based on the Internet Engineering Task Force requests for comments (RFCs) 1001 and 1002.

Important features of Fast Connect include:

• Tight integration with AIX and exploitation of features such as threads, kernel I/O, filesystem, and security
• SMB-based file and print services
• Login and passthrough authentication to NT domains
• Resource Browsing Protocol
• Opportunistic locking (oplock)
• WINS client and proxy
• B-node support
• Send File application programming interface (API) support
• Traces and log capabilities
• Maintenance and administration using your user interface choice: commands, Web-based System Manager, or the System Management Interface Tool (SMIT)
• Streamlined configuration
• AIX long file name to DOS file name mapping support
• Unicode representation of share, user, file, and directory names.

Common Concepts and Terms

Explanation of some common networking terms is given below:

Broadcast (B-) Nodes

A Broadcast Node or B-node is a type of NetBIOS end node that supports NetBIOS service and contains applications. B-nodes communicate using a mix of UDP datagrams and TCP connections. B-nodes may freely interoperate with one another within a broadcast area. Other standard end nodes are Point-to-point nodes (P-nodes) and Mixed-mode nodes (M-nodes).

Browsing

Browsing refers to viewing the resources available on a network. The browse list on a Windows network is the list of other hosts and domains available on a network. Windows maintains the browse list to present other hosts offering network services through a point-and-click user interface rather than asking users to remember the names of remote hosts and services. Windows 95, Windows 98, and Windows NT use the browse list to construct the view of the network shown in the Network Neighborhood and Windows Explorer. The browse list is also accessible from the command line using the NET VIEW command.

Windows for Workgroups and Windows NT domains maintain the browse list on a computer called the Master Browser. Whenever a computer offers a network service for the first time, it broadcasts a server announcement packet. The Master Browser receives this packet and adds the computer's name to its browse list. In response, the Master Browser transmits a list of backup browsers to the new computer.

Each domain or NT group contains at least one backup browser. A copy of the browse list is maintained on the backup browser to eliminate the need to rebuild the browse list if the Master Browser goes down.

CIFS

CIFS stands for Common Internet File System Protocol. CIFS provides an open cross-platform mechanism for client systems to request file services from server systems over a network. It is based on the Server Message Block protocol widely in use by PCs and workstations running a wide variety of operating systems. It is a draft submitted by Microsoft to the Internet Engineering Task Force for transparent file access across the Internet.

NetBIOS

NetBIOS, or Network Basic Input/Output System, is a vendor-independent network interface originally designed for IBM PC computer systems running PC-DOS or MS-DOS. NetBIOS is a software interface, not an actual networking protocol. It specifies the services that should be available without putting any restrictions on the protocol used to implement those services.

There is no officially defined NetBIOS standard. The original version, as described by IBM in 1984 in the IBM PC Network Technical Reference Manual, is treated as the de facto standard. Since its introduction, three main flavors of NetBIOS--each with its own transport protocol--have emerged: NetBEUI, NetBIOS over IPX, and NetBIOS over TCP/IP.

Fast Connect uses NetBIOS over TCP/IP.

NetBIOS Interface to Application Programs

On PCs, NetBIOS includes both a set of services and an exact program interface to those services. There are three types of NetBIOS services:

Name Service

NetBIOS resources are referenced by name. Lower level addresses are not available to NetBIOS applications. An application representing a resource registers one or more names that it wishes to use.

The name space is flat and not hierarchically organized. It uses 16 alphanumeric characters. Names may not start with an asterisk (*).

Registration implies bidding for use of a name. The bid may be for exclusive (unique) or shared (group) ownership. Each application contends with other applications in real time. No two applications on the NetBIOS network may use a unique name until the originating application requests that their name be deleted or the host is powered off or reset.

The three primitive operations provided by Name Service are Add Name, Add Group Name, and Delete Name.

Session Service

A session is a full-duplex, sequenced, and reliable message exchange conducted between a pair of NetBIOS applications. Data is organized into messages.

Multiple sessions may exist between any two applications. Both applications participating in the session have access to the name of the remote application. No specification is given for resolving session requests to a group name into a data connection. A service is provided for the detection of a session failure by an application.

The Session Service primitives are Call, Listen, Hang Up, Send, Receive, and Session Status.

Datagram Service

The Datagram Service is an unreliable, nonsequenced, and connectionless communication between two NetBIOS applications. It is analogous to UDP service under TCP/IP.

Datagrams are sent under cover of a name properly registered to the sender. Datagrams can be sent to a specific name or be explicitly broadcast.

Datagrams sent to an exclusive name are received, if at all, by the holder of that name. Datagrams sent to a group name are multicast to all holders of that name. The sending application can not distinguish between group and unique names and thus must act as if all nonbroadcast datagrams are multicast.

As with the Session Service, the receiver of the datagram is told the sending and receiving names.

The Datagram Service primitives are Send Datagram, Send Broadcast Datagram, Receive Datagram, and Receive Broadcast Datagram.

NetBIOS Name Resolution

Name Resolution refers to mapping a NetBIOS name to its corresponding IP address. The techniques commonly used for name resolution are the Windows Internet Name Service (WINS), the LMHOSTS file, and the domain name system (DNS). DNS is explained in TCP/IP Name Resolution. The other techniques are explained below:

WINS

When a new service is made available on the network, such as when a Windows machine boots or when Fast Connect is started, the service must be registered with a WINS server before it can be available to clients located on other subnets. The WINS server records the name of the host, the NT domain the host is part of, and the IP address of the host. Whenever a machine attempts to resolve a host name, it first checks with the WINS server. If the host is not registered there, it will attempt to find the host using a broadcast. If the host is still not found, an error saying a computer or sharename could not be found is returned. Fast Connect properly registers itself with any WINS server.

WINS also includes a method for replicating its database of host names with other WINS servers to create a backup WINS server that can host queries if the primary WINS server is unavailable. It also allows large networks that are encumbered by slow links to distribute WINS servers closer to clients and provide faster name resolution. (WINS is a proprietary Microsoft protocol.)

LMHOSTS

LMHOSTS stands for LanManager Hosts and is analogous to the UNIX /etc/hosts file. The LMHOSTS file allows specific hostnames to be mapped to IP addresses. It also provides a syntax for defining the domain a host resides in as well as loading a LMHOSTS file from a shared directory on a server.

For more details on the LMHOSTS file, refer to the Windows NT Networking Guide or the Windows 95 Resource Kit.

NetBIOS over TCP/IP

NetBIOS over TCP/IP was first proposed in RFCs 1001 and 1002, which were submitted to the Internet Engineering Task Force in 1987. These RFCs describe an implementation of NetBIOS using Transmission Control Protocol (TCP) for connection-oriented session services and User Datagram Protocol (UDP) for datagram services.

This design has some significant advantages over NetBEUI and NetBIOS over IPX. First, it uses the existing TCP/IP protocols, so it can be routed across the global Internet and any other wide area networks. Secondly, software implementing the NetBIOS interface can be built using existing TCP/IP implementation without requiring any new network drivers. Since most operating systems already support TCP/IP, most are capable of supporting NetBIOS with minimal additional effort.

NetBIOS Scope

A NetBIOS Scope is the population of computers across which a registered NetBIOS name is known. NetBIOS broadcast and multicast datagram operations must reach the entire extent of the NetBIOS scope.

net Command

The net command and its subcommands can be used to configure and administer the Fast Connect Server from the command line. Alternatively, Web-based System Manager and SMIT offer menu-driven interfaces for the same tasks. For detailed information about the net command, refer to the AIX Version 4.3 Commands Reference, Volume 4.

Passthrough Authentication

Passthrough authentication is a mechanism employed by the Fast Connect server to validate user credentials with a domain controller and, if validated, to grant the user access to a resource on the Fast Connect server. For more details on passthrough authentication, refer to Internet Draft, CIFS Login and Passthrough Authentication, Prelim Draft, Jan 3, 1997 by Leach and Naik of Microsoft.

SMB

SMB stands for Server Message Block. It is the protocol used on top of NetBIOS to implement Windows file sharing and print services.

With this protocol, clients exchange messages (called Server Message Blocks) with a server to access resources on that server. Every SMB message has a common format: it consists of a fixed-sized header followed by a variable-sized parameter and data component.

SMB messages can be broken into four types:

• Session control messages start, authenticate, and terminate sessions.
• File and printer messages control file and printer access, respectively.
• Message commands allow an application to send or receive messages to or from another host.

When an SMB client negotiates a connection with an SMB server, the two parties decide on a common protocol to use for communication. This capability allows protocol extensions but makes SMB quite complex.

Shares

Shares are resources shared by the Fast Connect server. The two types of shares supported by Fast Connect are AIX files and printers.

Workgroups

A workgroup is a logical collection of workstations and servers that do not belong to a domain. In a workgroup, each computer stores its own copy of user and group account information. Therefore, in workgroups, users can only log directly onto machines on which they have accounts. Workgroup members are able to view and use resources on other systems. To do this, resources are shared in the workgroup and network users are validated by the machine owning the resource.

AIX Fast Connect for Windows Limitations

The following limitations apply to AIX Version 4.3.3 and earlier versions of Fast Connect:

• Fast Connect does not allow multiple shares for the same print queue name. This means that if a printer share already exists for a given print queue, you can not create another one (having a different netname) for the same queue. If you do, you will get an Operation could not be performed error.
• Users who use OS/2 or other clients that do not support unicode must ensure client and server locales match.
• AIX ACLs are not recognized and not supported. Explicit user/group ACL permit/deny access behavior will be ignored.
• Security auditing is not accountable to any individual user actions through an SMB client. If auditing is turned on, some audit log event entries will have the root identity.
• Disk quota and ulimit of any user is not checked. Any user can fill up the shared file system.
• No support for DCE/DFS credentials or filesystems exists. DCE/DFS filesystems cannot be shared.
• There is no log information about which users are connected to the AIX server through AIX Fast Connect for Windows.
• Some AIX printer drivers backend add controls to the file that is being printed; others do not. But windows clients always send in a format that needs no controls. So, if the AIX printer driver is the former type, then set printer share options -o -dp when the printer share is created.