Shulou(Shulou.com)05/31 Report--

This article mainly introduces how to configure and manage AIX Fast Connect for AIX 5.3. it is very detailed and has a certain reference value. Friends who are interested must read it!

Tip:

Unless otherwise noted, all references to the net command in this article refer to the AIX Fast Connect command (/ usr/sbin/net)

Instead of the NET command used on Dos and Windows.

Of course, you can also use the Web-based system Manager, SMIT, net commands, or a combination of these methods to configure and manage the site's AIX Fast Connect server.

AIX Fast Connect is preconfigured to provide basic access to AIX users' home directories, as defined in / etc/passwd, using clear text network passwords. When started, the AIX Fast Connect server will respond to all SMB/NetBIOS requests running the TCP/IP protocol.

Configurable parameters

AIX Fast Connect is designed to simplify management, and it also provides a set of customizable parameters to support various configurations.

Many of these parameters can be configured dynamically and there is no need to stop and restart the server for the changes to take effect.

These parameters can be found in the / etc/cifs/cifsConfig file and can be configured using the net config command in the following syntax:

Net config / parameter_name: parameter_value

A complete list of these configurable parameters can be displayed by entering net config help on the command line.

To avoid spelling mistakes, and because some of these parameters have to be changed at the same time, "Web-based system Manager" or SMIT is used in most changes to AIX Fast Connect configuration parameters.

In addition, an example of the net config command is shown below for reference by AIX Fast Connect system administrators who prefer this method.

To display the current configuration (abbreviated list), enter:

Net config

This command displays some of the most important parameters, including servername, domainname, and primary_wins_ipaddr.

To display a single parameter (for example, the servername parameter), enter:

Net config / parm: servername

To change parameters (for example, change domainname, autodisconnect timeout, and server comment), enter:

Net config / domainname:testdomain

Net config / autodisconnect:60

Net config / comment: "String parameter containing Spaces"

File sharing and print sharing configuration (export)

AIX Fast Connect can configure and export file shares and print shares. The file share is exported to the AIX directory. The print share is exported to the AIX print queue. A file share named HOME on the network is created by default each time the AIX Fast Connect server is started. This special file share maps to the $HOME (AIX home directory, from the / etc/passwd file) of any PC client user connected to AIX Fast Connect. (in addition, file shares IBMLAN$ and ADMIN$ may be created by default to support AIX Fast Connect's network login capabilities.) System administrators can use the Web-based system Manager, SMIT, or net commands to add more file shares or print shares.

(the default shared HOME, IBMLAN$, and ADMIN$ cannot be changed or deleted)

Each file share or print share represents an object that AIX Fast Connect is exporting to the Windows network, which is accessed through its netname. Here are some common tasks related to file sharing and print sharing:

To list all the shares currently exported by AIX Fast Connect, enter:

Net share

To add a new file share (for example, the export / tmp AIX directory is the network name NETTEMP), enter:

Net share / add / type:f / netname: NETTEMP / path:/tmp / desc: "File share test"

To add a new print share (for example, export the psColor1 AIX print queue network name PSCOLOR1), enter:

Net share / add / type:p / netname: PSCOLOR1 / printq:psColor1 / desc: "Print share test"

The AIX names of files, directories, and print queues are case-sensitive, but the network names used by Windows networking are case-insensitive.

To delete a share (for example, the share NETTEMP listed above), enter:

Net share / delete / netname: NETTEMP

If it appears that files are missing when viewing the directory from the PC client, AIX Fast Connect uses the AIX file permission bit to encode the DOS file attributes (read-only, archived, system, hidden).

Changing a file share or print share, including the share description, causes the share definition to be deleted and then re-added with its new value. This change affects all PC clients that connect to the share when it is redefined. These PC clients may encounter network errors or error messages that do not find a share until they manually remap the share or reboot the PC.

Hidden shares (network neighbors or NET VIEW are not shown) can be defined by adding $(dollar sign) at the end of the share name when the share is created.

If the AIX Fast Connect server has too much data to report, "NET VIEW servername" (on the PC client) may report an empty list.

User management

Access to AIX Fast Connect shares is managed internally through the AIX user security mechanism. For example, if an AIX user has write access to a particular AIX subdirectory exported by AIX Fast Connect, any PC client connected to AIX Fast Connect (like that AIX user) will have write access to that same subdirectory. (there are situations where external PC clients access AIX Fast Connect using a different client user name than the server user name used for access checking; for example, guest mode, share-level security, and user name mapping.)

User accounts can be configured on the server using the Web-based system Manager, SMIT, or net commands. Each defined AIX Fast Connect user must also be a defined AIX user. AIX Fast Connect supports user-level authentication using several mechanisms described in the following sections. Access to resources is licensed based on authenticated AIX user credentials.

Each AIX user name used for AIX Fast Connect authentication must have a specified AIX home directory. Otherwise, the user cannot access the AIX Fast Connect server.

Overview of user Authentication Mechanism

AIX Fast Connect supports several different types of user authentication to access AIX Fast Connect servers. Which authentication method to choose depends on the existing network environment and network policy. These authentication methods are briefly discussed in this section.

User authentication based on AIX (using plaintext network password)

When a plaintext password (non-NT pass authentication) is configured for an AIX Fast Connect server, the introduced SMB username / password is sent to the standard AIX system service for user authentication (which includes an integrated DCE login if a standard AIX system service is specified for the AIX user).

To enable the plaintext password for AIX Fast Connect, enter the following command:

Net config / encrypt_passWords:0

SMB networks do not support mixed case plaintext passwords. In clear text, each AIX user accessing AIX Fast Connect must have an all uppercase or all lowercase AIX password.

CIFS password encryption Protocol

When an encrypted password (non-NT pass authentication) is configured for the AIX Fast Connect server, the AIX Fast Connect validates the incoming SMB username/encrypted_password login against the / etc/cifs/cifsPasswd file (the database of AIX Fast Connect users and their encrypted passwords). The / etc/cifs/cifsPasswd file is initialized and maintained by the net user command.

To force an encrypted password for AIX Fast Connect, enter the following command:

Net config / encrypt_passwords:2

NT pass (Pass-Through) authentication

When configuring NT pass authentication for the AIX Fast Connect server, the encrypt_passwords parameter is ignored and the incoming PC client login request is passed over the network to the external Windows NT server authenticated by the user. (typically, PC clients authenticate to an external Windows NT server using an encrypted password.) This method is usually used when the NT server has been used as the network login server for the Windows network.

To enable AIX Fast Connect authentication to an external NT server at the TCP/IP address IPaddress, enter:

Net config / passthrough_authentication_server: IPaddress

You can also specify a backup server for NT authentication using the following command:

Net config / backup_passthrough_authentication_server: IPaddress2

Log in to AIX Fast Connect on the network

AIX Fast Connect itself can be configured to act as a network login server.

(Windows NT, Windows 2000, and Windows XP clients require IBM Primary Logon Client to use this feature.)

DCE/DFS support

AIX Fast Connect can configure DCE/DFS support with clear text or encrypted passwords. In this way, Fast Connect uses the DCE authentication mechanism to verify the DFS access of the PC client.

Authentication based on Kerberos

AIX Fast Connect supports Kerberos 5-based authentication for Windows XP and Windows 2000 clients. To use this feature, Windows XP and Windows 2000 clients must be configured for this mode.

Guest login

AIX Fast Connect supports guest login when plaintext or encrypted passwords are configured. If guest login is enabled for AIX Fast Connect, the incoming PC client user name (which AIX Fast Connect must recognize as a non-standard AIX Fast Connect user) is granted guest access based on the AIX Fast Connect user name specified as the guest user (the guestname parameter).

Share level security

When share-level security is configured for an AIX Fast Connect server, the password is associated with a separate file and print share rather than the PC client user name. In this way, AIX Fast Connect provides access to the PC client based on the shared user name specified as the share_level_security_username parameter, which is similar to guest login access.

Client-to-server username mapping

As an extension of the net user command, AIX Fast Connect can map PC client usernames (or collections of PC client usernames) to AIX usernames for user-mode authentication and file access.

LDAP user authentication

AIX Fast Connect can be configured to authenticate to a remote AIX LDAP server, Windows Active Directory server, or NDS server through the industry standard LDAP protocol.

Configure encrypted password

When configuring an encrypted password for an AIX Fast Connect server, AIX Fast Connect attempts to authenticate all incoming SMB username/encrypted_password logins against the AIX Fast Connect / etc/cifs/cifsPasswd file (the database of AIX Fast Connect users and their encrypted passwords). The file is initialized and maintained by the net user command.

When AIX Fast Connect is configured to use encrypted passwords, only AIX Fast Connect username configured with net user to use encrypted passwords can log in to AIX Fast Connect. These passwords are unique (and may be different) from the standard AIX passwords in the / etc/security file. When an AIX user changes his or her password (using / usr/bin/passwd), the user's AIX Fast Connect password does not change automatically. However, if you want to use encrypted passwords on the network to enhance network security or to simplify the configuration of the nearest Windows client, which assumes encrypted passwords by default, use the following methods:

To force an encrypted password for AIX Fast Connect, enter:

Net config / encrypt_passwords:2

To list all users configured in the / etc/cifs/cifsPasswd file, enter:

Net user

To configure an encrypted password for a new user, enter:

Net user username password / add

Or:

Net user username-p / add

The-p flag indicates that a non-echo password is required.

To change a user's encrypted password and update the user's AIX password at the same time, enter:

Net user username password / changeaixpwd:yes

-or-

Net user username-p / changaixpwd:yes

To remove a user from the encrypted password database, enter:

Net user username / delete

For security reasons, the default / etc/cifs/cifsPasswd file maps the client user name root to the server user name nobody. If you want to allow the username root to map to itself (as the server username), enter the following command to delete the default mapping:

Net user / delete root

The user name root can then be added as the Fast Connect user with its own encrypted password.

Basic server management

You can use the Web-based system Manager, SMIT, or net commands to manage AIX Fast Connect server operations. The following section shows the basic server operations using the AIX Fast Connect net command and highlights the fast path to SMIT at the end of this section.

Start and stop the AIX Fast Connect server

Follow these steps to start or stop the AIX Fast Connect server:

To load the server daemon and enable the PC client to connect, enter:

/ etc/rc.cifs start

To stop the server (and uninstall the server daemon), enter:

/ etc/rc.cifs stop

The AIX Fast Connect net command does not work when the server daemon (cifsServer) is not loaded. At this point, you need to configure the AIX Fast Connect parameter offline, or you may need to enter / usr/sbin/cifsServer on the command line to manually load the server daemon. This causes the net command to run without starting the server. The PC client cannot connect until the / etc/rc.cifs start command is issued.

To temporarily reject a new SMB session (maintaining an existing connection), enter:

Net pause

To re-enable the server to accept new connections, enter:

Net resume

Display server status information

AIX Fast Connect provides several mechanisms to display the current server status, including general status, configuration information, statistics, and user session information.

To query the running status of the server, enter:

Net status

To display general configuration information, enter:

Net config

To display statistics (for example, delivered packages), enter:

Net statistics

At the same time, you can type net statistics / reset directly on the command line to reset the statistical count.

To query the status of a logged-in user session, enter:

Net session

Web-based system Manager, SMIT Fast path, and net commands

You can use the Web-based system Manager PC service container to manage AIX Fast Connect or you can use the SMIT fast path and net commands shown in the following table.

SMIT fast paths and commands or files to be used to perform common AIX Fast Connect tasks

Task SMIT Fast path commands or Files

Start the server smit smbadminstart net start

Stop the server smit smbadminstop net stop

Pause server net pause

Restore server net resume

Change the parameter smit smbcfghatt net config

Change resource smit smbcfgresi net config

Add user smit smbcfgusradd net user

Change user smit smbchgusrlis net user

Change user password smit smbusrpwd net user

Delete user smit smbrmusrlis net user

Configure nbn smit smbwcfgn

List all shared smit smbsrvlisall net share

List all file shares smit smbsrvfilist net share

Add File share smit smbsrvfiladd net share

Change the file share smit smbsrvfilchg net share

Delete a file share smit smbsrvfilrm net share

Add Printer share smit smbsrvprtadd net share

Change printer share smit smbsrvprchg net share

Delete printer share smit smbsrvprtrm net share

Show server status smit smbadminstatu net status

Show configuration smit smbcfg net config

Display statistics smit smbadminstats net statistics

Show shared smit smbsrvlisall net share

Get help

(smit help panel) net help

NetBIOS name Service (NBNS)

AIX Fast Connect's NetBIOS name Service (NBNS) provides name resolution services. It also supports some of the features of the Windows Internet name Service (WINS), such as the registration of multiple host names and Internet group names.

To activate NBNS, enter:

Net config / nbns:1

To turn off NBNS, enter:

Net config / nbns:0

The nbns parameter is static, not dynamic. You must shut down and restart the AIX Fast Connect server to enable the NBNS service.

SMIT fast paths and commands or files to be used to perform common administrative NBNS tasks

Task SMIT Fast path commands or Files

Lists all the names net nblistnames in the NetBIOS name table

Add static NetBIOS name smit smbwcfgadd

Net nbaddname / name: NBname / ipaddress: IPaddress [/ sub: XX]

Or net nbaddgroup

Or net nbaddmulti

Delete the NetBIOS name smit smbwcfgdel from the name table

Net nbdelname / name: NBname [/ sub: XX]

Delete smit smbwcfdadd by name and address

Net nbdeladdr / name: NBname / ipaddress: IPaddress

Copy the NBNS name table to the file smit smbwcfgbak

Net nbbackup [/ file: filename]

Restore NBNS name table smit smbwcfgres from backup

Net nbrestore [/ file: filename]

Note:

The value of IPaddress can be any number in the range of IP addresses

The subcode sub value XX is the hexadecimal number of any two digits in the range 00-FF

These are all the contents of the article "how to configure and manage AIX Fast Connect for AIX 5.3.Thank you for reading!" Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.