
System Management Guide: Communications and Networks


Configuring Network Logon for AIX Fast Connect

AIX Fast Connect can be configured to support Network Logon. Network Logon support allows centralizing the user accounts, startup scripts, home directories, and configuration policy of Windows systems participating in a workgroup to a single AIX system running the AIX Fast Connect server. This support does not allow an AIX Fast Connect server to act as a Windows NT Domain Controller. However, with the IBM Networks Client software, both NT and Windows 95/98 clients can be configured to perform network logon to an AIX server using the Network Logon feature of AIX Fast Connect.

The AIX Fast Connect Network Logon feature supports Windows 95/98 and NT clients. Windows 95/98 clients are supported using the standard Microsoft Client for Microsoft Networks or the IBM Client for IBM Networks. Windows NT clients require the IBM Networks Primary Logon Client for NT.

IBM Network Client can be downloaded from the following IBM Internet sites:

Configuration Options

The following AIX Fast Connect configuration options are available for Network Logon feature customization.

 

Option:        networklogon
Default Value: 0
Description:   This option is used to enable or disable the Network Logon feature of AIX Fast Connect -- 1 indicates enabled, and 0 indicates disabled.

Option:        startup_script
Default Value: startup.bat
Description:   This option specifies the filename of the startup script (in the NETLOGON share) used by the Microsoft Client for Windows 95/98 during network logon. Two meta tags in this string allow customization of the startup script filename during client logon -- %U is expanded to the client's user name, and %N is expanded to the client's computer name. (IBM Networks clients always search for filename profile.bat, in directory \dcdb\users\username in the IBMLAN$ file-share.)

Option:        profiles_path
Default Value: /home
Description:   This string option specifies the AIX pathname for the PROFILES share, which the Network Logon feature uses to store user profiles and home directories.

Option:        netlogon_path
Default Value: /var/cifs/netlogon
Description:   This string option specifies the UNIX path to the top of the NETLOGON and IBMLAN$ shares. These shares are used to store the startup scripts. This is also where the Windows client searches for the configuration policy files at domain network logon time (for example: \\Server\netlogon\config.pol).

Enabling the Network Logon Feature

Enabling domain network logon support is simply a matter of setting the networklogon option to 1. This option can be enabled (or disabled) using Web-based System Manager, SMIT, or the net command. To enable the Network Logon feature, type:

   net config /networklogon:1

Then restart the server. The AIX Fast Connect server then acts as a domain logon server for your workgroup.

Setting Up Startup Scripts

Startup scripts are DOS batch files that are executed automatically when client users log on to the domain through a domain logon server. Typically, these scripts are defined as user specific. By default, AIX Fast Connect installs a sample startup script (/var/cifs/netlogon/startup.bat), which can be customized as needed as a global startup script.

For Windows 95/98 clients using the Microsoft Networks client, the default installation of AIX Fast Connect configures /var/cifs/netlogon/startup.bat as a global startup script for all these clients. The parameter startup_script can be modified for these clients to support per-user or per-workstation scripts:

For Windows 95/98/NT clients using the IBM Networks client, the IBM Networks client always uses dcdb\users\username\profile.bat (in share IBMLAN$) as its startup script. By default, AIX Fast Connect sets /var/cifs/netlogon/dcdb/users as a link to /home (which is also the default for profiles_path). This allows the user-specific profile.bat files to reside in those users' profile directories (which are also AIX-user home directories, by default).

To set up a global startup script for all users using the IBM Networks client (and provide compatibility with Microsoft clients):

  1. Edit the global startup script /var/cifs/netlogon/startup.bat
  2. Create file links from profile.bat in every user's profile directory to the /var/cifs/netlogon/startup.bat file.
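
The two steps above as a script (an added example, not part of the IBM documentation). It assumes symbolic links are acceptable as the "file links", uses hypothetical function names, and refuses to link when the global script is writable by group or others, because every client runs that script at logon.

```shell
#!/bin/sh
# Added example (not IBM code). Function names are illustrative.
# Usage on a default install (paths are the defaults named on this page):
#   link_global_startup /home /var/cifs/netlogon/startup.bat

# Succeeds only if the file exists and has no group/other write bit.
script_is_locked_down() {
    [ -f "$1" ] || return 1
    # Columns 6 and 9 of the ls mode string are group-write and other-write.
    case $(ls -ldL "$1" | cut -c6,9) in
        *w*) return 1 ;;
    esac
    return 0
}

# Link profile.bat in each directory under $1 to the global script $2.
# An existing profile.bat is never overwritten; one that is not already the
# global script is reported on stderr. Prints the number of links created.
link_global_startup() {
    profiles=$1 target=$2 made=0
    script_is_locked_down "$target" || {
        echo "refusing: $target is missing or group/world-writable" >&2
        return 1
    }
    for dir in "$profiles"/*/; do
        [ -d "$dir" ] || continue
        link=${dir}profile.bat
        if [ -e "$link" ] || [ -L "$link" ]; then
            [ "$link" -ef "$target" ] ||
                echo "skipped: $link is not the global script" >&2
            continue
        fi
        ln -s "$target" "$link" && made=$((made + 1))
    done
    echo "$made"
}
```

Run it as root after editing the global script; the skipped paths it reports are the per-user scripts that still differ from the global one.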

Setting Up Home Directories (Profile Directories)

Home directories, or profile directories, are used to store a Windows user's profile (USER.DAT and USER.MAN). Additionally, any application-specific settings and data are also stored in the Windows user's home directory. When the AIX Fast Connect server is configured as a domain network logon server, these home directories can reside on the AIX server.

AIX Fast Connect uses the profiles_path option to indicate where these profile directories are located. AIX Fast Connect expects the directory specified by profiles_path to contain a subdirectory for each AIX Fast Connect user. By default, AIX Fast Connect configures profiles_path to be /home (where most AIX user directories are kept).

If you want to change profiles_path, you must create subdirectories for each AIX Fast Connect user, with ownership and read/write permissions per user.

Windows Configuration Policy Files

When the AIX Fast Connect server is configured to support domain network logons, Windows 95/98 and NT configuration policy files can be placed in the directory specified by the netlogon_path option. If CONFIG.POL or NTCONFIG.POL exists in the NETLOGON share at logon time, then the Windows client uses this policy file. By default, the location for these files is /var/cifs/netlogon.

Configuring Win 95/98 Clients for Network Logon

If IBM Network Client is being used, follow the steps described in the IBM Network Client software README file.

If Microsoft Network Client is being used, select Client for Microsoft Networks as the default logon, and then change the Properties of this client software to log on to NT domains, using the AIX Fast Connect domainname as the NT-logon domain.

Configuring Network Logon for NT clients from Remote Subnets

The following are required to configure network logon from remote subnets:

The location of the LMHOSTS file varies depending on the system configuration. It can be found on the client by typing dir /s lmhosts from the Windows base directory. If this file does not exist on the system, the default file LMHOSTS.SAM can be copied to LMHOSTS and then modified.

LMHOSTS example:

192.1.2.3  fcserver    #PRE     #DOM:fcdomain  #AIX Fast Connect domain
192.1.2.3  "fcdomain       \0x00"  #PRE # 15 Bytes for the name, and
192.1.2.3  "fcdomain       \0x1C"  #PRE # the last byte is a hex subcode

These entries map the AIX Fast Connect name and domain to the server's IP address. The #PRE operative indicates that the entry is to be preloaded, and the #DOM operative indicates the domain this server maps to. Any other text after the '#' character is simply a comment. More details on this file can be found in the comment section of the LMHOSTS file.

After changing LMHOSTS, restart the PC client or run the command nbtstat -R to refresh the local name table.
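
An added example (not from the IBM documentation) that generates the two quoted-name entries in the format shown above and checks an LMHOSTS file for quoted names that are not padded to exactly 15 bytes before the hex subcode. The function names are hypothetical; the generated lines are meant to be copied into the client's LMHOSTS file.

```shell
#!/bin/sh
# Added example (not IBM code). Function names are illustrative.

# Print the \0x00 and \0x1C entries for a domain: the name is space-padded
# to 15 bytes and the 16th byte is the hex subcode, as in the page's example.
lmhosts_domain_entries() {
    ip=$1 domain=$2
    [ -n "$domain" ] && [ "${#domain}" -le 15 ] || {
        echo "domain name must be 1-15 bytes: '$domain'" >&2
        return 1
    }
    for code in 00 1C; do
        printf '%s  "%-15s\\0x%s"  #PRE\n' "$ip" "$domain" "$code"
    done
}

# Print "line:N" for each quoted name in file $1 that carries a \0xNN
# subcode but is not exactly 15 bytes long before it. Returns 1 if any exist.
check_lmhosts_padding() {
    awk '
        /^[ \t]*#/ { next }                        # whole-line comment
        match($0, /"[^"]*"/) {
            name = substr($0, RSTART + 1, RLENGTH - 2)
            if (name !~ /\\0x[0-9A-Fa-f][0-9A-Fa-f]$/) next
            if (length(name) - 5 != 15) { print "line:" NR; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}
```

A name that is padded short or long resolves to a different 16-byte name than the one the client looks up, so the entry is silently ignored; running the check before restarting the client catches that.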

Configuring LanServer (OS/2) Clients for Network Logon

The following restrictions apply to LanServer (OS/2) clients when accessing AIX Fast Connect as a network logon server:

AIX Fast Connect NetLogon Limitations

The following restrictions apply to the AIX Fast Connect implementation of Network Logon:

