[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]

System Management Guide: Communications and Networks

AIX Fast Connect Configuration and Administration

This chapter discusses basic configuration and operation of AIX Fast Connect. Some examples are given, using the AIX Fast Connect command-line interface, the net command. (AIX Fast Connect also supports the system-management tools SMIT and Web-based System Manager.)

Note: Unless otherwise noted, all references to the net command in this section refer to the AIX Fast Connect command (/usr/sbin/net) not the NET command used on DOS, OS/2, and Windows. (Examples of the NET command use on PC clients are shown in the next section, Configuring Client PCs for use with AIX Fast Connect.)


You can use the Web-based System Manager, SMIT, the net command, or a combination of these methods to configure and administer the AIX Fast Connect server for your site.

As indicated in AIX Fast Connect Packaging and Installation, AIX Fast Connect preconfigures itself to provide basic access to AIX user home directories (as defined in /etc/passwd) using plain-text network passwords. When started, the AIX Fast Connect server responds to SMB/NetBIOS requests on all operational TCP/IP interfaces.

Configurable Parameters

AIX Fast Connect is designed for ease of administration, but provides a sufficient set of customizable parameters to support various configurations. Several of these parameters are dynamically configurable and do not require the server to be stopped and restarted for the changes to become effective.

These parameters are found in the /etc/cifs/cifsConfig file, and can be configured by using the net config command with the following syntax:

net config /parameter_name:parameter_value

The entire list of these configurable parameters is shown in the Table of AIX Fast Connect Configurable Parameters or by typing: net config help on the command line.

Note: Use the Web-based System Manager or SMIT for most changes to the AIX Fast Connect configuration parameters, both to avoid spelling mistakes and because some of these parameters must be changed simultaneously. However, examples of the net config command are shown below, for AIX Fast Connect system administrators who prefer this method.

Configuration of File and Print Shares (Exports)

There are two types of shares that can be configured and exported by AIX Fast Connect: File Shares and Print Shares. Whenever the AIX Fast Connect server is started, a file share with the network name HOME is created by default. This special file share maps to $HOME, the AIX home directory (from /etc/passwd) of any PC-client user that connects to AIX Fast Connect. (Additionally, the file shares IBMLAN$ and ADMIN$ may be created by default, to support the Network Logon feature of AIX Fast Connect.) More file or print shares can be added by the system administrator using Web-based System Manager, SMIT, or the net command.

Note: The default shares HOME, IBMLAN$, and ADMIN$ cannot be changed or deleted.

Each file or print share represents an object that AIX Fast Connect is exporting to the Windows network, accessed by its netname. File shares are exported AIX directories. Print shares are exported AIX print queues.

Note: If files seem to be missing in the directory when viewed from a PC client, AIX Fast Connect uses the AIX file permission bits to encode DOS file attributes (ReadOnly, Archive, System, Hidden). For more information, see Support for DOS File Attributes. Also, you might want to review Mapping Long AIX File Names to DOS File Names.

User Administration

Access to AIX Fast Connect shares is managed internally by AIX user security mechanisms. For example, if an AIX user has write access to a particular AIX subdirectory that is being exported by AIX Fast Connect, then any PC client connecting to AIX Fast Connect (as that AIX user) would then have write access to that same subdirectory. (There are cases when an external PC client accesses AIX Fast Connect with a client username that is different than the server username being used for access checking, for example guestmode, share-level security, and username mapping.)

User accounts can be configured on the server using Web-based System Manager, SMIT, or the net command. Each defined AIX Fast Connect user must also be a defined AIX user. AIX Fast Connect supports user-level authentication using several mechanisms described in the following section. Resource access is permitted based on the authenticated AIX user credentials.

Note: Every AIX username used for AIX Fast Connect authentication must have an AIX home directory specified. Otherwise, that user cannot access the AIX Fast Connect server.

Overview of User-Authentication Mechanisms

AIX Fast Connect supports several different types of user-authentication for access to the AIX Fast Connect server. Whichever authentication method you choose depends on your existing network environment and your network policies. These authentication methods are discussed briefly in this section. For more information, see Advanced Server Administration.

AIX-based User Authentication (using plain text network passwords)
When the AIX Fast Connect server is configured for plain text passwords (and not NT-Passthrough authentication), then incoming SMB username/password logins are sent to standard AIX system services for user authentication, which includes integrated DCE-login, if specified for that AIX-user.)

To enable Plain Text passwords for AIX Fast Connect, type:

net config /encrypt_passwords:0

Note: SMB networking does not support mixed case for plain text passwords. In plain text mode, every AIX user accessing AIX Fast Connect must have all uppercase or all lowercase AIX passwords.

CIFS Password Encryption Protocols
When the AIX Fast Connect server is configured for encrypted passwords (and not NT-Passthrough authentication), then incoming SMB username/encrypted_password logins are validated by AIX Fast Connect against the /etc/cifs/cifsPasswd file, which is a database of AIX Fast Connect users (and their encrypted passwords). The /etc/cifs/cifsPasswd file is initialized and maintained by the net user command (see Configuring Encrypted Passwords).

To enforce encrypted passwords for AIX Fast Connect, type:

net config /encrypt_passwords:2

NT Passthrough Authentication
When the AIX Fast Connect server is configured for NT-Passthrough Authentication, then the encrypt_passwords parameter is ignored, and incoming PC client login requests are routed through the network to an external Windows NT server for user authentication. (Normally, the PC-client uses encrypted passwords to authenticate with the external Windows NT server.) This method is often used when an NT server is already being used as a Network Logon server for the Windows network.

To enable AIX Fast Connect to authenticate to an external NT server (located at TCP/IP address IPaddress), type:

net config /passthrough_authentication_server:IPaddress

You can also designate a backup server for NT authentication with the following command:

net config /backup_passthrough_authentication_server:IPaddress2

Network Logon to AIX Fast Connect
AIX Fast Connect itself can be configured to act as a Network Logon server. (Windows NT clients require the IBM Primary Logon Client for NT to use this feature. Windows 2000 clients cannot use this feature of AIX Fast Connect.) For more information about Network Logon, see Advanced Server Administration, and Configuring Network Logon for AIX Fast Connect.

DCE/DFS Support
AIX Fast Connect can be configured for DCE/DFS support using plain text or incrypted passwords. In this mode, Fast Connect uses DCE-authentication mechanisms to validate PC-clients for DFS access.

See Advanced Server Administration for more details.

Guest Logon
AIX Fast Connect can support guest-mode logon when configured for either plain-text or encrypted passwords. If AIX Fast Connect is enabled for guest-mode logins, then an incoming PC client username (which AIX Fast Connect must recognize as not a standard AIX Fast Connect user) is granted guest-mode access rights based on the AIX Fast Connect username specified as the guest-user (parameter guestname).

See Advanced Server Administration for more details.

Share-Level Security
When the AIX Fast Connect server is configured for share-level security, then passwords are associated with individual file and print shares, not with PC client usernames. In this mode, AIX Fast Connect provides access rights to PC clients based on a share-mode username specified as parameter share_level_security_username, similar to the guest-logon access mode.

See Advanced Server Administration for more details.

Client-to-Server Username Mappings
As an extension of the net user command, AIX Fast Connect can map PC client usernames (or sets of PC client usernames) to AIX usernames, for user-mode authentication and file access.

See Advanced Server Administration for more details.

Configuring Encrypted Passwords

When the AIX Fast Connect server is configured for encrypted passwords, AIX Fast Connect attempts to authenticate all incoming SMB username/encrypted_password logins against the AIX Fast Connect /etc/cifs/cifsPasswd file, which is database of AIX Fast Connect users (and their encrypted passwords). This file is initialized and maintained by the command net user.

Note: When AIX Fast Connect is configured to use encrypted passwords, only AIX Fast Connect usernames configured to use encrypted passwords by net user are able to login to AIX Fast Connect. These passwords are distinct from (and may differ from) the standard AIX passwords in /etc/security. When an AIX user changes their password (using /usr/bin/passwd), the AIX Fast Connect password for that user does not automatically change. Nevertheless, you may want to use encrypted passwords on your network to enhance network security or to simplify configuration of recent Windows clients (who assume encrypted passwords, by default).

Basic Server Administration

You can use Web-based System Manager, SMIT, or the net command to manage AIX Fast Connect server operations. The following sections show basic server operations, using the AIX Fast Connect net command, and highlights the fast paths for SMIT at the end of the section.

Starting and Stopping the AIX Fast Connect Server

Showing Server Status Information

AIX Fast Connect provides several mechanisms for displaying current server status, including general status, configuration information, statistical information, and user-session information.

Web-based System Manager, SMIT fast paths, and net commands

You can use the Web-based System Manager PC Services container to administer AIX Fast Connect, or you can use the SMIT fast paths and net commands shown in the following table.

Administering AIX Fast Connect
Web-based System Manager:    PC Services container


Task SMIT Fast Path Command or File
Starting the Server smit smbadminstart net start
Stopping the Server smit smbadminstop net stop
Pausing the Server   net pause
Resuming the Server   net resume
Changing Parameters smit smbcfghatt net config
Changing Resources smit smbcfgresi net config
Adding Users smit smbcfgusradd net user
Changing Users smit smbchgusrlis net user
Changing a User Password smit smbusrpwd net user
Removing a User smit smbrmusrlis net user
Configuring nbns smit smbwcfgn  
Listing All Shares smit smbsrvlisall net share
Listing All File Shares smit smbsrvfilist net share
Adding a File Share smit smbsrvfiladd net share
Changing a File Share smit smbsrvfilchg net share
Deleting a File Share smit smbsrvfilrm net share
Adding Printer Share smit smbsrvprtadd net share
Changing Printer Share smit smbsrvprchg net share
Deleting Printer Share smit smbsrvprtrm net share
Showing Server Status smit smbadminstatu net status
Showing the Configuration smit smbcfg net config
Showing Statistics smit smbadminstats net statistics
Showing Share smit smbsrvlisall net share
Getting Help (smit help-panels) net help

NetBIOS Name Service (NBNS)

NetBIOS Name Service (NBNS) for AIX Fast Connect provides name resolution services. It also supports some functions of Windows Internet Name Service (WINS), such as registration of multihomed name and Internet group name.

Administering NBNS Tasks
Task SMIT Fast Path Command or File
List all names in the NetBIOS Name Table   net nblistnames
Add a static NetBIOS Name smit smbwcfgadd net nbaddname /name:NBname /ipaddress:IPaddress [ /sub:XX ]

or net nbaddgroup
or net nbaddmulti

Delete a NetBIOS name in Name Table smit smbwcfgdel net nbdelname /name:NBname [ /sub:XX ]
Delete by Name and Address smit smbwcfdadd net nbdeladdr /name:NBname /ipaddress:IPaddress
Backup the NBNS Name Table to a File smit smbwcfgbak net nbbackup [ /file:filename ]
Restore the NBNS Name Table from Backup smit smbwcfgres net nbrestore [ /file:filename ]

  1. The value of IPaddress can be any number in IP address range.
  2. The subcode value XX is any two-digit hexadecimal number in the range 00-FF.

[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]