This chapter discusses basic configuration and operation of AIX Fast Connect. Some examples are given, using the AIX Fast Connect command-line interface, the net command. (AIX Fast Connect also supports the system-management tools SMIT and Web-based System Manager.)
Note: Unless otherwise noted, all references to the net command in this section refer to the AIX Fast Connect command (/usr/sbin/net) not the NET command used on DOS, OS/2, and Windows. (Examples of the NET command use on PC clients are shown in the next section, Configuring Client PCs for use with AIX Fast Connect.)
You can use the Web-based System Manager, SMIT, the net command, or a combination of these methods to configure and administer the AIX Fast Connect server for your site.
As indicated in AIX Fast Connect Packaging and Installation, AIX Fast Connect preconfigures itself to provide basic access to AIX user home directories (as defined in /etc/passwd) using plain-text network passwords. When started, the AIX Fast Connect server responds to SMB/NetBIOS requests on all operational TCP/IP interfaces.
AIX Fast Connect is designed for ease of administration, but provides a sufficient set of customizable parameters to support various configurations. Several of these parameters are dynamically configurable and do not require the server to be stopped and restarted for the changes to become effective.
These parameters are found in the /etc/cifs/cifsConfig file, and can be configured by using the net config command with the following syntax:
net config /parameter_name:parameter_value
The entire list of these configurable parameters is shown in the Table of AIX Fast Connect Configurable Parameters or by typing: net config help on the command line.
Note: Use the Web-based System Manager or SMIT for most changes to the AIX Fast Connect configuration parameters, both to avoid spelling mistakes and because some of these parameters must be changed simultaneously. However, examples of the net config command are shown below, for AIX Fast Connect system administrators who prefer this method.
net config
This comand shows some of the most important parameters, including servername, domainname, and primary_wins_ipaddr.
net config /parm:servername
net config /domainname:testdomain net config /autodisconnect:60 net config /comment:"String parameter containing Spaces"
There are two types of shares that can be configured and exported by AIX Fast Connect: File Shares and Print Shares. Whenever the AIX Fast Connect server is started, a file share with the network name HOME is created by default. This special file share maps to $HOME, the AIX home directory (from /etc/passwd) of any PC-client user that connects to AIX Fast Connect. (Additionally, the file shares IBMLAN$ and ADMIN$ may be created by default, to support the Network Logon feature of AIX Fast Connect.) More file or print shares can be added by the system administrator using Web-based System Manager, SMIT, or the net command.
Note: The default shares HOME, IBMLAN$, and ADMIN$ cannot be changed or deleted.
Each file or print share represents an object that AIX Fast Connect is exporting to the Windows network, accessed by its netname. File shares are exported AIX directories. Print shares are exported AIX print queues.
net share
net share /add /type:f /netname:NETTEMP /path:/tmp /desc:"File share test"
net share /add /type:p /netname:PSCOLOR1 /printq:psColor1 /desc:"Print share test"
Note: AIX names for files, directories, and print-queues are case-sensitive, but network-names used by Windows networking are not case-sensitive.
net share /delete /netname:NETTEMP
Note: If files seem to be missing in the directory when viewed from a PC client, AIX Fast Connect uses the AIX file permission bits to encode DOS file attributes (ReadOnly, Archive, System, Hidden). For more information, see Support for DOS File Attributes. Also, you might want to review Mapping Long AIX File Names to DOS File Names.
Access to AIX Fast Connect shares is managed internally by AIX user security mechanisms. For example, if an AIX user has write access to a particular AIX subdirectory that is being exported by AIX Fast Connect, then any PC client connecting to AIX Fast Connect (as that AIX user) would then have write access to that same subdirectory. (There are cases when an external PC client accesses AIX Fast Connect with a client username that is different than the server username being used for access checking, for example guestmode, share-level security, and username mapping.)
User accounts can be configured on the server using Web-based System Manager, SMIT, or the net command. Each defined AIX Fast Connect user must also be a defined AIX user. AIX Fast Connect supports user-level authentication using several mechanisms described in the following section. Resource access is permitted based on the authenticated AIX user credentials.
Note: Every AIX username used for AIX Fast Connect authentication must have an AIX home directory specified. Otherwise, that user cannot access the AIX Fast Connect server.
AIX Fast Connect supports several different types of user-authentication for access to the AIX Fast Connect server. Whichever authentication method you choose depends on your existing network environment and your network policies. These authentication methods are discussed briefly in this section. For more information, see Advanced Server Administration.
To enable Plain Text passwords for AIX Fast Connect, type:
net config /encrypt_passwords:0
Note: SMB networking does not support mixed case for plain text passwords. In plain text mode, every AIX user accessing AIX Fast Connect must have all uppercase or all lowercase AIX passwords.
To enforce encrypted passwords for AIX Fast Connect, type:
net config /encrypt_passwords:2
To enable AIX Fast Connect to authenticate to an external NT server (located at TCP/IP address IPaddress), type:
net config /passthrough_authentication_server:IPaddress
You can also designate a backup server for NT authentication with the following command:
net config /backup_passthrough_authentication_server:IPaddress2
See Advanced Server Administration for more details.
See Advanced Server Administration for more details.
See Advanced Server Administration for more details.
See Advanced Server Administration for more details.
When the AIX Fast Connect server is configured for encrypted passwords, AIX Fast Connect attempts to authenticate all incoming SMB username/encrypted_password logins against the AIX Fast Connect /etc/cifs/cifsPasswd file, which is database of AIX Fast Connect users (and their encrypted passwords). This file is initialized and maintained by the command net user.
Note: When AIX Fast Connect is configured to use encrypted passwords, only AIX Fast Connect usernames configured to use encrypted passwords by net user are able to login to AIX Fast Connect. These passwords are distinct from (and may differ from) the standard AIX passwords in /etc/security. When an AIX user changes their password (using /usr/bin/passwd), the AIX Fast Connect password for that user does not automatically change. Nevertheless, you may want to use encrypted passwords on your network to enhance network security or to simplify configuration of recent Windows clients (who assume encrypted passwords, by default).
net config /encrypt_passwords:2
net user
net user username password /add
-or-
net user username -p /add
The -p flag prompts for a no-echo password.
net user username password /changeaixpwd:yes
-or-
net user username -p /changaixpwd:yes
net user username /delete
net user /delete root
Then, the user name root can be added as a Fast Connect user with its own encrypted password.
You can use Web-based System Manager, SMIT, or the net command to manage AIX Fast Connect server operations. The following sections show basic server operations, using the AIX Fast Connect net command, and highlights the fast paths for SMIT at the end of the section.
/etc/rc.cifs start
/etc/rc.cifs stop
Note: When the server-daemon (cifsServer) is not loaded, the AIX Fast Connect net command does not function. To configure AIX Fast Connect parameters offline, you might need to load the server daemon manually by typing /usr/sbin/cifsServer on the command line. This enables the net command to function, but does not start the server. PC clients are not able to connect until the /etc/rc.cifs start command is issued.
net pause
net resume
AIX Fast Connect provides several mechanisms for displaying current server status, including general status, configuration information, statistical information, and user-session information.
net status
net config
net statistics
Note: You can reset the statistics counts by typing net statistics /reset on the command line.
net session
You can use the Web-based System Manager PC Services container to
administer AIX Fast Connect, or you can use the SMIT fast paths and
net commands shown in the following table.
Administering AIX Fast Connect | ||
---|---|---|
Web-based System Manager: PC Services
container
| ||
Task | SMIT Fast Path | Command or File |
Starting the Server | smit smbadminstart | net start |
Stopping the Server | smit smbadminstop | net stop |
Pausing the Server | net pause | |
Resuming the Server | net resume | |
Changing Parameters | smit smbcfghatt | net config |
Changing Resources | smit smbcfgresi | net config |
Adding Users | smit smbcfgusradd | net user |
Changing Users | smit smbchgusrlis | net user |
Changing a User Password | smit smbusrpwd | net user |
Removing a User | smit smbrmusrlis | net user |
Configuring nbns | smit smbwcfgn | |
Listing All Shares | smit smbsrvlisall | net share |
Listing All File Shares | smit smbsrvfilist | net share |
Adding a File Share | smit smbsrvfiladd | net share |
Changing a File Share | smit smbsrvfilchg | net share |
Deleting a File Share | smit smbsrvfilrm | net share |
Adding Printer Share | smit smbsrvprtadd | net share |
Changing Printer Share | smit smbsrvprchg | net share |
Deleting Printer Share | smit smbsrvprtrm | net share |
Showing Server Status | smit smbadminstatu | net status |
Showing the Configuration | smit smbcfg | net config |
Showing Statistics | smit smbadminstats | net statistics |
Showing Share | smit smbsrvlisall | net share |
Getting Help | (smit help-panels) | net help |
NetBIOS Name Service (NBNS) for AIX Fast Connect provides name resolution services. It also supports some functions of Windows Internet Name Service (WINS), such as registration of multihomed name and Internet group name.
net config /nbns:1
net config /nbns:0
Note: The nbns parameter is static, not dynamic. The AIX Fast Connect server must be shutdown and restarted to enable NBNS service.
Administering NBNS Tasks | ||
---|---|---|
Task | SMIT Fast Path | Command or File |
List all names in the NetBIOS Name Table | net nblistnames | |
Add a static NetBIOS Name | smit smbwcfgadd | net nbaddname /name:NBname
/ipaddress:IPaddress [ /sub:XX ]
|
Delete a NetBIOS name in Name Table | smit smbwcfgdel | net nbdelname /name:NBname [ /sub:XX ] |
Delete by Name and Address | smit smbwcfdadd | net nbdeladdr /name:NBname /ipaddress:IPaddress |
Backup the NBNS Name Table to a File | smit smbwcfgbak | net nbbackup [ /file:filename ] |
Restore the NBNS Name Table from Backup | smit smbwcfgres | net nbrestore [ /file:filename ] |
Notes:
- The value of IPaddress can be any number in IP address range.
- The subcode value XX is any two-digit hexadecimal number in the range 00-FF.