NFS Maestro Client

Users Guide
8160-9M
ii
NFS Maestro Client Users Guide
Version 11
Part Number 8160-9M
Published in Canada June 30, 2005
Hummingbird Ltd. Corporate Headquarters
1 Sparks Avenue Toronto, Ontario M2H 2W1 Canada
Toll Free Canada/U.S.A. 1 877 FLY HUMM (359 4866)
Tel +1 416 496 2200 Fax +1 416 496 2207 E-mail [email protected]
For more information, visit connectivity.hummingbird.com
RESTRICTED RIGHTS LEGEND Unpublished rights reserved under the copyright laws of the United States. The SOFTWARE is provided
with restricted rights. Use, duplications, or disclosure by the U.S. Government is subject to restrictions as set forth in subparagraph (c) (1) (ii) of The
Rights in Technical Data and Computer Software clause at DFARS 252.227-7013, subparagraph (c) (1) and (2) (a) (15) of the Commercial Computer
Software-Restricted Rights clause at 48 CFR 52.227-19, as applicable, similar clauses in the FAR and NASA FAR Supplement, any successor or
similar regulation.
Information in this document is subject to change without notice and does not represent a commitment on the part of Hummingbird Ltd. Not all
copyrights pertain to all products.
Copyright 2005, Hummingbird Ltd. All rights reserved. Trademarks and logos are the intellectual property of Hummingbird Ltd.
Connectivity Kerberos, Connectivity Secure Shell, Connectivity SecureTerm, Connectivity SSL, Exceed, Exceed 3D, Exceed Connectivity Suite,
Exceed onDemand, Exceed onDemand Client, Exceed onDemand Deployment Wizard, Exceed onDemand Server,
Exceed onDemand Server Manager, Exceed PowerSuite, Exceed XDK, HostExplorer, HostExplorer Connectivity Suite, Host Access Services,
HostExplorer Print Services, HostExplorer Web, Hummingbird Basic, Hummingbird Certificate Manager, Hummingbird Connectivity,
Hummingbird Connectivity Suite, Hummingbird Core Services, Hummingbird Deployment Packager, Hummingbird Deployment Wizard,
Hummingbird e-Gateway, Hummingbird FTP, Hummingbird InetD, Hummingbird Enterprise 2004, Hummingbird Proxy Server,
Hummingbird SOCKS Client, NFS Maestro, NFS Maestro Client, NFS Maestro Gateway, NFS Maestro Server, NFS Maestro Solo,
NFS Maestro Tuner, TXP, TXPM, and Xweb are trademarks of Hummingbird Ltd. and/or its subsidiaries.
All other copyrights, trademarks, and tradenames are the property of their respective owners.
ACKNOWLEDGEMENTS Portions of the code have been contributed by MIT. This product includes software developed by the OpenSSL
Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/).
DISCLAIMER Hummingbird Ltd. software and documentation has been tested and reviewed. Nevertheless, Hummingbird Ltd. makes no
warranty or representation, either express or implied, with respect to the software and documentation included. In no event will Hummingbird Ltd.
be liable for direct, indirect, special, incidental, or consequential damages resulting from any defect in the software or documentation included with
these products. In particular, Hummingbird Ltd. shall have no liability for any programs or data used with these products, including the cost of
recovering such programs or data.
iii
Related Documentation and Services
Manuals
All manuals are available in print and PDF. The PDF versions require Adobe Acrobat Reader and are installed only if
you perform a Complete installation, or if you select them during a Custom installation. Your Hummingbird
product comes with the following manuals:
Help
The online Help is a comprehensive, context-sensitive collection of information regarding your Hummingbird
product. It contains conceptual and reference information, and detailed, step-by-step procedures to assist you in
completing your tasks.
Release Notes
The release notes for each product contain descriptions of the new features and details on release-time issues. They
are available in both print and HTML. The HTML version can be installed with the software. Read the release notes
before installing your product.
NFS Maestro Client Users Guide Provides information on how to connect to exported filesystems on
remote NFS hosts and how to configure NFS Maestro Client to
optimize the connections.
HostExplorer Host Access Users Guide Provides information on how to access corporate mainframe data
through HostExplorer terminal emulation components, as well as
how to automate and configure host sessions.
HostExplorer Programmers Guide
(PDF format only)
Provides programmers with information on how to customize
HostExplorer, FTP, and WyseTerm through Visual Basic and Visual
C++ scripts using HostExplorer APIs.
Hummingbird Basic Language Programmers
Guide
Provides procedural and reference information, tips, and
suggestions for working with Hummingbird Basic Language using
Hummingbird Basic Workbench and Dialog Editor.
NFS Maestro Server Users Guide Provides information on how to export filesystems or printers,
manage users, groups, and permissions, and perform overall NFS
server administration tasks.
iv
Hummingbird Expos Online
Hummingbird Expos Online is an electronic mailing list and online newsletter. It was created to facilitate the
delivery of Hummingbird product-related information. It also provides tips, help, and interaction with
Hummingbird users. To subscribe/unsubscribe, browse to the following web address:
http://www.hummingbird.com/expose/about.html
User Groups and Mailing Lists
The user group is an unmoderated, electronic mailing list that facilitates discussion of product-related issues to help
users resolve common problems and to provide tips, help, and contact with other users.
To join a user group:
Send an e-mail to [email protected]. Leave the Subject line blank. In the body of the e-mail message,
type the following:
subscribe nfsmaestro-users Your Name
To unsubscribe:
Send an e-mail to [email protected]. Leave the Subject line blank. In the body of the e-mail message,
type the following:
unsubscribe nfsmaestro-users Your Name
To post a messages to the user group:
Send your e-mail to:
[email protected]
To search the mailing list archives:
Go to the following web site:
http://www.hummingbird.com/support/usergroups.html
v
Chapter 1: Introducing NFS Maestro Client 1
Introducing NFS Maestro Client .............................................................................. 3
NFS Maestro Client Applications ............................................................................. 4
Command Line Applications ..................................................................... 5
Chapter 2: Installing NFS Maestro Client 7
Hummingbird Setup Wizard .................................................................................... 9
Advanced Installation ................................................................................ 9
Preparing to Install .................................................................................................. 10
Installation Requirements ........................................................................ 10
Installation Directories ............................................................................ 11
User Directories ....................................................................................... 11
Installing in a Cluster Environment ........................................................ 12
Installing NFS Maestro Consoles ............................................................. 13
Multilingual User Interface (MUI) .......................................................... 13
Installation and Maintenance ................................................................................. 13
Personal Installation ................................................................................ 13
Program Maintenance for Personal Installations .................................... 16
Administrative Installation ...................................................................... 17
Typical Installation Scenarios ................................................................................. 19
Personal Installations ............................................................................... 19
Advertised Installation ............................................................................. 20
Microsoft Systems Management Server (SMS) ........................................ 21
Sconfig ...................................................................................................... 22
Preserving User Profiles ........................................................................................... 23
Product Registration ................................................................................................ 23
Contents
vi
NFS Maestro Client Users Guide
Chapter 3: Advanced Installation 25
Controlling Per-User Settings ................................................................................. 27
Customizing Files and Folders ................................................................. 28
Adding Registry Entries ............................................................................ 28
Updating the Personal User Directory for All Users ................................ 29
Passing Arguments to Per-User Settings .................................................. 30
User Settings Migration ............................................................................ 30
Manual User Settings Migration .............................................................. 32
Controlling Uninstallation ....................................................................... 32
Customizing Installations with Sconfig .................................................................. 33
How Does Sconfig Work? ......................................................................... 33
Overview of Creating Transform Files ................................................................... 34
Opening the MSI and MST Files ........................................................................... 36
Customizing Product Installations ......................................................................... 37
Product Installation Directories ............................................................... 37
Product Feature Availability ..................................................................... 41
File Installation ......................................................................................... 43
Product Properties ................................................................................... 45
Registry Keys ............................................................................................ 47
Shortcuts for Hummingbird Product Features ........................................ 49
Hummingbird Metering Settings ............................................................. 52
Environment Variables ............................................................................. 53
User Settings ............................................................................................. 55
Product Profile Spaces .............................................................................. 57
Directory Services Settings ....................................................................... 58
NFS Maestro Client Properties ................................................................. 60
Saving the MST File ................................................................................................ 61
Applying the MST File to an Installation .............................................................. 62
Creating Multiple Custom Installations ................................................................. 63
Running Sconfig from a Command Line ............................................................... 64
Chapter 4: Basic Concepts 67
The Network File System (NFS) Protocol .............................................................. 69
The Remote Procedure Call (RPC) Protocol ........................................... 69
Daemons Required for NFS ..................................................................... 70
The Connection Process ........................................................................... 71
File Locking vs. Record Locking ............................................................................. 72
Contents
vii
Symbolic Links ......................................................................................................... 73
Creating Symbolic Links from the Command Line ................................. 74
Creating Symbolic Links with the Create Symbolic Link Wizard ............ 75
Authentication Protocols ........................................................................................ 76
The Authentication Process ..................................................................... 76
NFS Credentials ....................................................................................... 77
AUTH_SYS/AUTH_UNIX Authentication ............................................. 78
AUTH_DH/AUTH_DES Authentication ................................................ 78
RPCSEC_GSS Authentication .................................................................. 79
Authorization ........................................................................................................... 82
UNIX Permissions .................................................................................... 82
NTFS Permissions .................................................................................... 84
The Network Component (Hummingbird NFS) .................................................. 86
Configured NFS Hosts Container ............................................................ 86
Directory Service Automounts Container .............................................. 87
Directory Service Hosts Container ......................................................... 91
Listing and Exploring NFS Resources ...................................................... 91
Creating Custom Containers ................................................................... 92
Importing and Exporting NFS Host Information ................................... 94
Chapter 5: Connecting to NFS Resources 95
Preparing to Connect .............................................................................................. 97
Verifying Required RPC Daemons .......................................................... 97
Verifying Available Exports ................................................................... 100
Basic Connection Information ............................................................................. 101
Specifying Network Paths ...................................................................... 101
Specifying Network Paths as Directory Service Queries ........................ 102
Default Credentials for Connecting ....................................................... 104
Connecting from the Command Line .................................................................. 105
Connecting from the NFS Maestro Network Access Dialog Box ........................ 106
Editing the Network Path History ......................................................... 108
Specifying Credentials with the Connect As Dialog Box ....................... 109
Registering Credentials .......................................................................... 110
Connecting from Windows Explorer ................................................................... 111
Disconnecting from Connected Filesystems ........................................................ 112
Remote Printing ..................................................................................................... 113
Connecting to Remote Printers ............................................................. 114
viii
NFS Maestro Client Users Guide
Chapter 6: Configuring and Tuning NFS Maestro Client 117
NFS Maestro Client Properties ............................................................................. 119
Network Properties ................................................................................ 120
File Access Properties ............................................................................. 123
Character Encoding Properties .............................................................. 125
Setting Initial Values for Client Properties ............................................ 126
Setting Default Values for Client Properties .......................................... 127
Setting Properties for New and Existing Connections ........................... 128
Setting Miscellaneous Properties ........................................................... 130
Setting Permissions for Shared Resources ............................................................ 133
Configuring Authentication Protocols ................................................................. 134
Configuring AUTH_SYS/AUTH_UNIX ................................................ 134
Configuring AUTH_DH/AUTH_DES ................................................... 135
Configuring RPCSEC_GSS ..................................................................... 135
Managing Shares .................................................................................................... 139
Browsing Hosts and Shares with the NFS Share Editor ......................... 140
Adding/Removing Host Names and Share Names ................................ 141
Editing Share Properties ......................................................................... 142
Optimizing NFS Connections ............................................................................... 143
Running the NFS Maestro Client Tuner Wizard ................................... 144
Chapter 7: Configuring NFS Maestro Client Through the Console 145
NFS Maestro Consoles .......................................................................................... 147
The Console Interface ............................................................................ 147
Opening NFS Maestro Consoles ............................................................ 148
Configuring NFS Maestro Products Remotely ....................................... 150
Applying Configurations to Multiple Machines .................................... 151
The NFS Maestro Client Console ........................................................................ 152
Chapter 8: NFS Maestro Name Mapping Server 155
Introducing NFS Maestro Name Mapping Server ............................................... 157
Name Mapping Options ......................................................................... 158
The NFS Maestro Name Mapping Server Console ................................ 159
Opening NFS Maestro Name Mapping Server Configuration ............... 159
Running the Server in a Cluster Environment ....................................... 161
Contents
ix
Basic Concepts ....................................................................................................... 161
The NFS Name Space ............................................................................. 161
Primary and Secondary Mappings ......................................................... 162
Name Mapping for NFS Maestro Gateway ............................................ 164
Name Mapping for NFS Maestro Server ................................................ 164
Name Mapping for NFS Maestro Client ................................................ 165
Retrieving Password and Group Files ................................................................... 165
Specifying the NFS Name Space ........................................................................... 167
Specifying Mapping Styles ..................................................................................... 167
Mapping User and Group Names Automatically .................................. 168
Mapping User and Group Names Manually .......................................... 172
Specifying Default Mappings ................................................................................ 176
Unmapped Windows Names ................................................................. 176
Unmapped NFS Names .......................................................................... 177
Exporting and Importing Name Mappings ......................................................... 179
Synchronizing Name Mappings ............................................................................ 181
Chapter 9: Hummingbird Directory Services 183
Hummingbird Directory Services Applications ................................................... 185
Directory Services Explorer ................................................................... 185
Hummingbird Directory Services .......................................................... 185
Opening Directory Services Applications .............................................. 188
Directory Services Overview ................................................................................. 190
Directory Service Protocols .................................................................... 190
Directory Service Objects ....................................................................... 191
Server Architecture ................................................................................ 192
Binding to Domains .............................................................................................. 193
Locating Domain Servers ....................................................................... 193
Directory Service Profiles ....................................................................... 195
Creating Profiles ..................................................................................... 197
Opening the Properties Dialog Boxes .................................................... 199
Binding to NIS ....................................................................................................... 200
Binding to NIS+ ..................................................................................................... 202
Keylogin and the System Profile ............................................................ 205
x
NFS Maestro Client Users Guide
Binding to LDAP ................................................................................................... 205
Specifying LDAP Domains and Bind Methods ...................................... 206
Retrieving Profiles from Directory Service Agents ................................ 209
Securing LDAP with SSL/TLS ................................................................ 211
Setting LDAP Search and Bind Options ................................................. 213
Specifying Authentication Methods for LDAP Profiles ......................... 214
Specifying Schemas for LDAP Profiles ................................................... 218
Exploring Directory Services ................................................................................. 221
Querying Directory Service Objects ....................................................... 221
Sorting Query Results ............................................................................. 223
Saving Query Results .............................................................................. 223
Viewing Object Properties ...................................................................... 224
Modifying Profiles .................................................................................. 225
Changing Domain Passwords ................................................................. 226
Specifying Default Servers for hclnfsd/pcnfsd Authentication ........................... 227
Configuring Directory Services ............................................................................. 229
Selecting Services .................................................................................... 229
Modifying Profiles .................................................................................. 230
Disabling User Profiles ........................................................................... 232
Specifying Host Lookup Services ........................................................... 232
Synchronizing Passwords ....................................................................... 233
Running Keylogin ................................................................................... 234
Specifying Name Mapping Servers ....................................................................... 234
Configuring LDAP Name Mapping Servers and Clients ........................ 237
Extending the Active Directory Schema for Name Mapping ................. 239
Creating and Modifying Name Mapping Profiles .................................. 243
Specifying the NFSv4 Domain .............................................................................. 247
Running Command Line Applications ................................................................ 249
Appendix A: Integrating hclnfsd 251
The hclnfsd Daemon ............................................................................................. 253
hclnfsd versus pcnfsd ............................................................................. 253
Transferring and Compiling hclnfsd .................................................................... 253
Troubleshooting hclnfsd Compilation ................................................... 255
Running hclnfsd on the Server ............................................................................. 256
Servers File Format ................................................................................. 258
Error Messages ....................................................................................... 259
Contents
xi
Appendix B: Troubleshooting 261
Troubleshooting Check List .................................................................................. 263
Troubleshooting Printer Shares ............................................................................ 264
Viewing Disk Space and File Quotas .................................................................... 265
NFS Error Messages ............................................................................................... 267
Access Denied to a File/Directory ......................................................... 267
Access Denied While Mounting ............................................................ 267
Authorization Error While Mounting .................................................. 268
Bad Activation Key Message .................................................................. 268
Disk Full Error ...................................................................................... 268
Invalid Remote Device Error ................................................................ 269
Authentication Daemon Timeout Error ............................................... 269
Not Enough Disk Space in Temp Directory .......................................... 269
Out of Memory Error ............................................................................ 270
Permission Denied ................................................................................ 270
Read/Write Errors ................................................................................. 270
Remote Host Unavailable Error ............................................................ 271
Frequently Asked Questions ................................................................................. 271
Troubleshooting Authentication .......................................................................... 272
Weak Authentication ............................................................................. 273
AUTH_DH/AUTH_DES Troubleshooting ............................................ 274
Installation Troubleshooting ................................................................................ 276
Appendix C: Connectivity Applications 281
Hummingbird Connectivity ................................................................................. 283
Accessories ............................................................................................. 283
Administrative Tools .............................................................................. 284
Connectivity Tools ................................................................................. 285
HostExplorer .......................................................................................... 286
HostExplorer Tools ................................................................................ 287
HostExplorer Print Services Console ..................................................... 287
WyseTerm .............................................................................................. 287
Hummingbird FTP ................................................................................ 288
Hummingbird Deployment Wizard ..................................................................... 288
NFS Maestro Solo Applications ............................................................................ 288
xii
NFS Maestro Client Users Guide
Appendix D: General Accessibility and Technical Support 289
General Accessibility .............................................................................................. 291
Microsoft Accessibility Options ............................................................. 292
Technical Support ................................................................................................. 293
Index 295
Chapter 1
Introducing NFS Maestro Client
Introducing NFS Maestro Client 3
NFS Maestro Client Applications 4
Command Line Applications 5
Chapter 1: Introducing NFS Maestro Client
3
Introducing NFS Maestro Client
For a list of supported
Windows platforms, see
Preparing to Install on
page 10.
Hummingbird NFS Maestro Client turns your Windows machine into an
NFS client. Using NFS Maestro Client, you can connect to remote NFS
resources that have been exported from a variety of computing
environments, including UNIX, VMS, Macintosh computers, IBM
mainframes, and the Internet. You can create connections without leaving
the familiar Windows environment and without having to understand
UNIX, NFS commands, or the underlying network protocols.
You can connect to the following types of exported resources:
remote filesystems
remote printers
NFS Maestro Client supports NFS versions 2, 3, and 4.
Connections to Remote Filesystems
For more information about
making connections, see
Chapter 5.
NFS Maestro Client masks differences of architecture and operating systems
so that you can access a remote NFS filesystem from within your Windows
environment.
In order for a remote filesystem to be accessible, the NFS administrator
must first export it. This procedure is similar to sharing folders in Windows.
When NFS Maestro Client establishes a connection to an exported
filesystem, it maps that remote filesystem to a drive letter on your local
machine as if the filesystem were a local disk. The connection provides
seamless interoperability with the remote filesystem from within Windows.
Connections to Remote Printers
For more information about
connecting to a printer, see
Remote Printing on
page 113.
NFS Maestro Client can access an NFS printer by redirecting output from a
local port to the remote printer. The redirection is transparent to the client.
The NFS client machine can connect to the remote NFS printer as it would
to a local printer within the Windows environment. You can also access
remote printers from the command line.
Printing works only with AUTH_SYS/AUTH_UNIX authentication. For
more information on this protocol, see page 78.
NFS Maestro Client Users Guide
4
NFS Maestro Client Applications
NFS Maestro Client includes the following applications that let you
establish and maintain NFS connections and configure NFS shares.
Client Configuration Wizard Lets you configure default settings for NFS
Maestro Client. This wizard appears automatically at the end of the
installation process if you set the Tuning installation option. After
installation, you can access the wizard from the Windows Star t menu. This
wizard provides another way of configuring the options found in the
Hummingbird NFS Maestro Client Proper ties dialog box.
Hummingbird NFS Maestro Client Properties Lets you set the default
parameters used by the client. You can access the Hummingbird NFS Maestro
Client Proper ties dialog box from the Windows Control Panel. For more
information, see Setting Default Values for Client Properties on page 127.
NFS Maestro Network Access Lets you connect to and disconnect from
NFS resources. For more information, see Connecting from the NFS
Maestro Network Access Dialog Box on page 106.
NFS Maestro Client Tuner Wizard Optimizes NFS Maestro Client
settings based on the local network configuration. For more information,
see Optimizing NFS Connections on page 143.
Remote Quota Displays the disk space and file quota information for
each connection you have made to a remote NFS filesystem. For more
information, see NFS Maestro Client Help.
Remote Info For a given NFS server, lets you determine the host access
restrictions applied to the exported resources on the server and verify that
the server is running all of the necessary daemons for NFS connections. For
more information, see NFS Maestro Client Help.
NFS Share Editor Lets you view the NFS hosts and shares on your subnet
and configure properties for a share. You can also add new shares or delete
shares. When you save any changes in NFS Share Editor, the changes are
saved in the Windows registry. For more information, see Managing
Shares on page 139.
Chapter 1: Introducing NFS Maestro Client
5
NFS Maestro Client Console Lets Administrators configure local and
remote instances of NFS Maestro Client through the Microsoft
Management Console (MMC). For more information, see Chapter 7.
NFS Maestro Name Mapping Server Configuration Lets you map user
and group names from a Windows domain to names in an NFS domain. By
querying the name mapping server, other NFS Maestro products can
retrieve these Windows-to-NFS credential associations. NFS Maestro Name
Mapping Server Configuration can run on the same machine as NFS
Maestro Client or on a remote machine. For more information on NFS
Maestro Name Mapping Server Configuration, see Chapter 8.
NFS Maestro Server Lets you share local resources on a Windows 2000+
machine to clients using the Network File System (NFS) protocol. In effect,
NFS Maestro Server turns your Windows machine into an NFS server.
When you install NFS Maestro Server as a component of NFS Maestro
Client, the following restrictions apply:
You can share resources to a maximum of 10 concurrent NFS clients.
You cannot share local printers or authenticate PC clients (the pcnfsd
daemon is not available).
If you are running NFS Maestro Server in a cluster environment, you
cannot share resources from external disks registered in the Cluster
Administrator.
For more information, see NFS Maestro Server Help.
Command Line Applications
For more information on
these commands, see NFS
Maestro Client Help.
NFS Maestro Client includes the following command line applications:
Command Description
cat Displays the contents of a file.
chgrp Lets you change the group ownership of a file.
chmod Lets you change the permission mode of a file.
chown Lets the root user change the ownership of a shared file or
directory.
NFS Maestro Client Users Guide
6
df Reports free disk space on local and connected (remote)
filesystems.
exports Displays filesystems exported from a specified NFS server.
hclshow Displays the system configuration.
ln Lets you create symbolic links between files on NFS
filesystems.
ls Lists the files in a directory or the name and attributes of a file.
nfs dirprot Lets you set the default directory protection mode.
nfs group Determines default groups for a remote device.
nfs link Lets you connect to a remote filesystem.
nfs prot Lets you set the default file protection mode.
nfs register Stores user name and password information for subsequent
NFS connections.
nfs unlink Lets you disconnect from a remote filesystem.
nfs use Displays the currently connected devices.
perftest Determines optimal read/write parameters for connecting to
NFS filesystems.
quota Displays disk usage information for NFS connections.
remlocks Removes all file or record locks on a specific host.
rpcinfo Displays which RPC services are running on an NFS server.
Command Description
Chapter 2
Installing NFS Maestro Client
Hummingbird Setup Wizard 9
Advanced Installation 9
Preparing to Install 10
Installation Requirements 10
Installation Directories 11
User Directories 11
Installing in a Cluster Environment 12
Installing NFS Maestro Consoles 13
Multilingual User Interface (MUI) 13
Installation and Maintenance 13
Personal Installation 13
Program Maintenance for Personal Installations 16
Administrative Installation 17
Typical Installation Scenarios 19
Personal Installations 19
Advertised Installation 20
Microsoft Systems Management Server (SMS) 21
Sconfig 22
Preserving User Profiles 23
Product Registration 23
Chapter 2: Installing NFS Maestro Client
9
Hummingbird Setup Wizard
Hummingbird Setup Wizard is the interface displayed by Windows
Installer. Setup Wizard is based on three standard, top-level user interfaces
or modes: installation, administration, and advertisement. Each defines a
different installation path and user interface flow.
For common issues and
questions about
Hummingbird Setup
Wizard, see Appendix B:
Troubleshooting.
Setup Wizard does the following:
uses the Windows Installer service to maintain the applications and
resources installed on the computer
determines the correct path to specific components
ensures that applications do not point to missing files
The Windows Installer service views all applications as three logical
building blocks: products, features, and components.
Advanced Installation
See Chapter 3: Advanced Installation for more information about:
customizing Hummingbird Connectivity Settings for personal
(per-user) and global (all users) installations
customizing installations with Sconfig
Hummingbird Administrator Toolkit (Files and Settings Transfer
Wizard, Metering Client Settings, and Media Location Manager)
Note: You cannot preserve user profiles for products before
version 7.1.
NFS Maestro Client Users Guide
10
Preparing to Install
System and shared files currently in use cannot be updated. Close all
applications before proceeding with the installation.
Hummingbird Connectivity products use Windows Installer 3.1. This
version is included with Windows Server 2003, and is available for Windows
2000 (SP4) and Windows XP. Setup Wizard updates Windows Installer, if
necessary.
Installation Requirements
The following table outlines installation requirements for Hummingbird
Connectivity products:

Administrator privileges are required to install some portions of the product.

Product Operating System
Disk Space (MB)
Other Requirements
Typical Complete Cache
NFS Maestro Client Windows
2000/XP/Server 2003

69 125 144 Winsock compliant TCP/IP

(Winsock 2 recommended)
NFS Maestro Solo 15 36 55
NFS Maestro

Server
16 20 34
NFS

Maestro
Gateway
Windows 2000 Server

(and Advanced Server)
Windows Server 2003

17 26 44
Chapter 2: Installing NFS Maestro Client
11
Installation Directories
Hummingbird Setup Wizard installs program-specific and user-specific
files to the directories described below.
User Directories
For more information about
customizing individualized
installations, see Chapter
3: Advanced Installation.
User files for Hummingbird Connectivity products are created in one of two
directories: per-machine or per-user. If the product is installed for all users
of the machine, you can choose whether user files are individualized (per-
user) or are shared (per-machine). Some files are always placed in a shared
(per-machine) location known as the global user directory. This location is
not the same as the shared user directory.
Installation Description Location/Type
Destination
folder
Program files install into the destination
folder (also known as the root home
directory). It is recommended that you use
the default directory:
C:\Program Files\Hummingbird\
Connectivity\version\
However, you can specify a different
directory.
Location: a remote network drive or a local
hard drive.
Can be a read-only directory.
User directory User files install into the user directory.
These files are configuration files or related
files that your Hummingbird product can
change.
There are several kinds of user directories
and user files. For more information, see
User Directories below.
Directory Default Location
Per-user C:\Documents and Settings\%USERNAME%\
Application Data\Hummingbird\Connectivity\version\
Note: This location is usually hidden (by default).
Shared user C:\Documents and Settings\All Users\Application Data
\Hummingbird\Connectivity\version
Global user C:\Documents and Settings\All Users\Application Data
\Hummingbird\Connectivity\version\Global
NFS Maestro Client Users Guide
12
Per-User
Per-user files are all application files that, when changed, affect only the user
who is making the change (that is, the currently logged in user). An example
of a user-specific file is HostEx.ini. If you configure HostEx.ini with
HostExplorer to Not Prompt on Window Close for a particular user, then
other users of the machine are not affected. Another example of a user-
specific file is Exceed.xcfg. If you configure Exceed.xcfg with Xconfig to
use a certain display, then other users of the machine are not affected.
Per-Machine
Per-machine files are those application or service files that, when changed,
affect all users of the computer. An example is the inetd.ini file. If you
change inetd.ini to stop the Telnet daemon from running, then regardless
of which user is logged onto the computer, the InetD service rejects Telnet
connections.
Global User
Similar to per-machine directories and files, the global user folder is
available to all users of the machine. Generally, the global user folder is
intended as writable by administrators and readable by all users. In certain
cases, folder permissions might be changed to allow everyone write access.
Shared files such as user profiles and mandatory settings are accessible from
the global folder on the local machine (regardless of the current user).
Installing in a Cluster Environment
NFS Maestro products support Windows Clustering Technology. If you
want to run an NFS Maestro product in a cluster environment, the cluster
service must be running when you install the product. If the service is not
running when you install the product, the Setup Wizard lets you select one
of the following options:
continue the installation without installing the cluster components
abort the installation
Note: Each user of the product on the machine receives a
personal user directory.
Chapter 2: Installing NFS Maestro Client
13
If you do not install the cluster components, the NFS Maestro product will
not be cluster aware. If you abort the installation, you can restart the cluster
service before installing the product again.
Installing NFS Maestro Consoles
Hummingbird provides Microsoft Management Console (MMC) snap-ins
for NFS Maestro products. If you are an Administrator on your machine
and you have installed the NFS Administration feature, you can configure
local and remote NFS Maestro products through the console. You can also
install the NFS Administration feature by itself. In this case, you can
configure remote NFS Maestro products through the console without
installing the entire product on your local machine.
Multilingual User Interface (MUI)
Setup Wizard provides a language option that supports machines running
Windows XP/Server 2003 with one or more Language Interface Packs
installed.
Installation and Maintenance
This section describes basic installation procedures and setup types:
personal installationone user installs the product on one computer
administrative installationsystems administrators create an image of
the product at a network location
For examples of how to implement these procedures, see Typical
Installation Scenarios on page 19.
Personal Installation
Autorun launches the Hummingbird Master Setup application when you
insert the CD into your drive. If Master Setup does not launch
automatically, run Msetup.exe from the root directory of the CD.
NFS Maestro Client Users Guide
14
To configure Windows Installer and prepare Setup Wizard:
1 In the Hummingbird Master Setup application window, you can install
additional Hummingbird products (such as Hummingbird SOCKS
Client), third party add-ons, register online, or view release notes.
Otherwise, click Install Product, and then Personal Installation.
2 Select a setup language or select Multilingual User Interface. Click OK.
3 Your Hummingbird product prepares Setup Wizard, checks the
operating system the current Windows Installer version. If necessary,
the version is updated and the Setup Wizard continues.
4 Setup Wizard initializes and prepares Windows Installer.
5 The Welcome dialog box opens. Click Next.
6 If a previous version of this product or another compatible
Connectivity product is installed, the Product Migration dialog box
opens. You can select whether to migrate settings (and remove that
product). Click Next.
7 If applicable, the License dialog box for evaluation versions of the
product opens. Provide a license key and click Next.
The Next button is dimmed
if the terms of the license
agreement are not
accepted.
8 The License Agreement dialog box opens. Read the licensing agreement.
If you select the option that indicates the terms are acceptable, then
click Next.
a) Select whether the user directory location is individualized for each
user, or whether users share the same directory.
b) Click Next.
Note: To quit installation, click Cancel in any Setup Wizard dialog
box. Your computer is not affected if you do this before the Setup
Wizard copies files. To review or change settings in a previous
dialog box, click Back.
Note: Failure to read or understand the License Agreement does
not affect the terms and conditions of the agreement.
Chapter 2: Installing NFS Maestro Client
15
For 64-bit products,
Destination Folder (or
home directory) only
affects 64-bit folder
locations.
9 The Destination Folder dialog box opens. Accept the default installation
folder for the product, or click Change to open a dialog box for
browsing to an alternate location. Click Next.
10 The Setup Type dialog box opens. Select a setup type and click Next.
11 Depending on the setup type (and features selected), the following
occur:
If Custom setup type is selected, the Custom Setup dialog box opens.
Select whether or not specific features and sub-features are
installed.
If the Metering Client is selected (in Administrative Tools) for
installation as a feature in Custom setup, or if Complete is the setup
type, then the Hummingbird Metering Client Settings dialog box
opens. Type the required information and click Next.
12 The Additional Install Options dialog box opens. Select install options and
click Next:
Local CacheCopies setup files locally so that future repairs or
patches do not prompt for a source.
UpdatesLaunches the default browser (after installation) and goes
to the Hummingbird Web Update Centre.
TuningRuns the NFS Maestro Client Configuration wizard the first
time you restart your machine after installation. This wizard lets
you configure directory services and set initial values for client
properties such as read/write packet size. The wizard can also scan
your subnet to locate all available NFS servers.
Note: Some product features are not affected by changes to the
destination folder.
Note: A Hummingbird Update shortcut to the Web Update Centre
is available in the Administrative Tools folder within the
Hummingbird Connectivity program group.
NFS Maestro Client Users Guide
16
13 If you selected the Tuning installation option, the NFS Maestro Client
Configuration wizard runs when your machine restarts. If at any time
you click Cancel to close the wizard, the product uses default values for
client properties.
14 A dialog box indicates Setup Wizard is ready to begin installation. Click
Install.
15 A dialog box opens indicating that installation is complete. Click Finish
and you are prompted to restart your computer.
For information about product modification, repairs, or removal, see
below.
Program Maintenance for Personal Installations
Program maintenance lets you modify, repair, or uninstall existing
Hummingbird products and features.
To launch Hummingbird Setup Wizard in maintenance mode:
1 You can open Program Maintenance by running Msetup.exe from the
product CD. Alternatively, double-click Add/Remove Programs in Control
Panel, select the Hummingbird program, and click Add/Remove.
The Welcome dialog box opens.
2 In the Welcome dialog box, click Next. The Program Maintenance dialog
box opens where you can select a maintenance option.
For more information about maintenance options, see the following
procedures.
To modify the install state of program features:
1 In the Program Maintenance dialog box, select Modify and click Next.
2 The Custom Setup dialog box opens. Expand the feature tree and change
the install state, as necessary. Click Next.
3 Setup Wizard prompts when it is ready to modify the program. Click
Install and the install state of program features changes according to
your specifications.
4 Installation (modification) proceeds to completion. Click Finish to exit.
Chapter 2: Installing NFS Maestro Client
17
To repair a program:
1 In the Program Maintenance dialog box, select Repair and click Next.
2 The Ready to Repair the Program dialog box indicates Setup Wizard is
ready. Click Install to repair errors such as missing or corrupt files,
shortcuts, and registry entries.
3 Program repair proceeds to completion. Click Finish to exit.
To remove a program:
1 In the Program Maintenance dialog box, select Remove and click Next.
2 The Remove the Program dialog box indicates Setup Wizard is ready.
Click Remove to uninstall the program.
3 Program removal proceeds to completion. Click Finish to exit.
Administrative Installation
Autorun launches the Hummingbird Master Setup application when you
insert the CD into your drive. If Master Setup does not launch
automatically, run Msetup.exe from the root directory of the CD.
Administrative installations let you create a centralized image of the
product. This means that many users can install the product without the
original CD media.
Note: With Windows Installer, you can uninstall (remove) only one
program (product) at a time. Ensure that all programs associated
with the product you are uninstalling are closed.
Note: If the current version 11 product is the last product (or only
product) being removed, then the local cache folder is removed
as well.
NFS Maestro Client Users Guide
18
To run Setup Wizard in Administrative mode:
1 Run Msetup from the product CD. In the Hummingbird Master Setup
application window, you can select options to install third party
add-ons, register online, or view release notes. Otherwise, to run Setup
Wizard, click Install Product, then click Administrative Installation.
Alternatively, from the product directory on the CD, run:
setup /a
2 Select a setup language and click OK. This language will apply to all
installations from the copied image or shared image.
3 Your Hummingbird product prepares Setup Wizard, checks the
operating system, and checks the current Windows Installer version.
If necessary, the version is updated and the Setup Wizard continues. If
Windows Installer is not present on your operating system, Setup
Wizard installs the service.
4 After configuring Windows Installer and preparing to install, Setup
Wizard proceeds to the Welcome dialog box. Click Next.
5 The Network Location dialog box opens. Accept the default installation
folder for the product, or click Change to open a dialog box for
browsing to an alternate network location. Click Next.
6 The Ready to Install Network Image dialog box opens. Click Install.
Installation of the network image proceeds to completion.
Note: To quit the installation, click Cancel in any Setup Wizard
dialog box. Your computer is not affected if you do this before the
Setup Wizard copies files. To review or change settings in a
previous dialog box, click Back.
Chapter 2: Installing NFS Maestro Client
19
Typical Installation Scenarios
This section describes installation scenarios. The conditions and parameters
affecting implementation in your environment may vary from these
examples.
Personal Installations
Administrators (and non-Administrators granted elevated privileges by an
Administrator) are able to perform personal installation of Connectivity
products. For more information, see Personal Installation on page 13.
Silent Installation
A silent installation runs in the background.
This scenario assumes:
you are logged in to the computer as the (local) Administrator
the product CD is available locally or on the network
To run a silent installation:
1 Launch Setup Wizard from the command line using the following
syntax:
E:\setup /S /V/qn [/lnnnn]
where E:\ is the CD-ROM drive.
The following describes possible command line options:
Note: This scenario describes a local installation.
Option Description
/S Specifies a silent installation.
Note: S is upper-case.
NFS Maestro Client Users Guide
20
2 Installation proceeds to completion.
Advertised Installation
Advertisement (install on demand or deferred installation) means all
features of a product are available even if they are not installed on the
computer. This scenario assumes:
you are logged in to the computer as the (local) Administrator
the product CD is available locally or on the network
/V/qn /V passes parameters to Msiexec.exe.
Note: There are no spaces between the /V and /qn
options and that V is upper-case. If a character string
contains a space, put quotes around it. For example:
/Vparameter space
/lnnnn Overrides the default English language installation
where nnnn is the transform file name.
Note: For nnnn, type only the number but not the
.mst extension.
/RS|RE command Run the command either at the startup (/RS) or at the
end (/RE) of setup.
For example, to launch a file in Notepad at startup:
/RS notepad readme.txt
Note: Not all product features can be advertised.
Option Description
Chapter 2: Installing NFS Maestro Client
21
To advertise a product and all its features:
1 Launch Setup Wizard in advertisement mode by one of the following
methods:
on the command line, type E:\setup /jmwhere E:\ is the CD-
ROM drive
run Msetup.exe from the product CD
Shortcuts and registry
entries exist on the
computer, but files are not
installed.
2 A Hummingbird product icon is installed on the computer desktop,
and in the Windows program group (on the Star t menu), for each
feature.
Microsoft Systems Management Server (SMS)
An Administrator can use SMS to manage network computers, distribute
software from a central location, and perform a variety of other system
management tasks. The Administrator can install a package of products
simultaneously on multiple computers.
Requirements:
You can get the latest
Service Pack for SMS from
the Microsoft web site.
SMS version 2.0 with Service Pack 2 (or greater)
SMS Client (installed on each client computer) supplied with SMS
Server
Windows Installer on the client computer
A package contains source
files for the program and
various details for directing
the software distribution
process.
To distribute a product using SMS, the Administrator must create a package
definition file according to SMS instructions. For convenience,
Hummingbird provides default .sms files for all products.
Note: For a deferred installation, the product CD must be in the
drive and the drive must be accessible.
Note: Shortcuts for features requiring Administrator privilege will
not launch correctly if the user does not have the required
privileges to install the feature.
NFS Maestro Client Users Guide
22
These are the default scenarios in each package definition file:
Typical
Typical Language
Silent Typical
Silent Complete
Uninstallation
When a package is run through SMS, it prompts you to select one of these
options (scenarios). Use the following command line parameters to apply
modifications or create new package definition files:
For more information about
Msiexec command line
options, see the Windows
Installer documentation
available in the MSDN
online library at
msdn.microsoft.com.
Refer to Microsoft documentation for command line parameters, switches,
and other information required for Windows Installer and Systems
Management Server.
Sconfig
Sconfig (Setup configuration) lets you customize the installation of software
on local and network machines. Use it to customize the folders installed by
Setup Wizard, determine what is installed (as well as limit functionality or
optimize disk space), and simplify user input. For more details, see
Chapter 3: Advanced Installation.
Command Line Parameter Description
/i Installs or configures a product.
/q Sets user interface level (silent).
INSTALLLEVEL=150 Does a complete install.
TRANSFORMS=nnnn.mst Specifies the product language where nnnn is the
transform file name.
Chapter 2: Installing NFS Maestro Client
23
Preserving User Profiles
See Hummingbird
Administrative Tools Help
for more information on
Files and Settings Transfer
Wizard options.
If you choose to preserve user settings on the Product Migration page,
Hummingbird Setup Wizard generates a .Humfst file (Files and Settings
Transfer Wizard-compatible). After default settings from version 11 are
installed, settings from this file are imported to the machine.
This allows for the replaying of the migration process at another time by
using the Files and Settings Transfer Wizard. In addition, there are
properties available in Sconfig that let you import a.Humfst file although an
older product is not installed. This also allows for the migration of product
settings across the usual product boundaries. For example, you can export
settings from an HostExplorer installation into an Exceed installation
during setup.
Product Registration
Online registration is available by:
running Msetup.exe from the product CD, then clicking Register Online
completing and registering the form at the following URL:
http://www.hummingbird.com/register/
Alternatively, complete the registration card provided in the product
package and mail it to Hummingbird Ltd. Registration means that you and
your organization are recognized as a licensed product owner with all rights
and privileges. This makes you eligible to receive a wide range of customer
services, such as a free subscription to our quarterly newsletter, Expos
Online, as well as notification of software updates and new products. If you
and your organization move to a new location, complete and mail the
change of address card included in the product package to ensure that you
continue receiving update notices and other important information.
Chapter 3
Advanced Installation
Controlling Per-User Settings 27
Customizing Files and Folders 28
Adding Registry Entries 28
Updating the Personal User Directory for All Users 29
Passing Arguments to Per-User Settings 30
User Settings Migration 30
Manual User Settings Migration 32
Controlling Uninstallation 32
Customizing Installations with Sconfig 33
How Does Sconfig Work? 33
Overview of Creating Transform Files 34
Opening the MSI and MST Files 36
Customizing Product Installations 37
Product Installation Directories 37
Product Feature Availability 41
File Installation 43
Product Properties 45
Registry Keys 47
Shortcuts for Hummingbird Product Features 49
Hummingbird Metering Settings 52
Environment Variables 53
User Settings 55
Product Profile Spaces 57
Directory Services Settings 58
NFS Maestro Client Properties 60
Saving the MST File 61
Applying the MST File to an Installation 62
Creating Multiple Custom Installations 63
Running Sconfig from a Command Line 64
Chapter 3: Advanced Installation
27
Controlling Per-User Settings
During the installation of Hummingbird Connectivity products, default
profiles and settings are installed in a common location for all users. This
location, including all files and folders, acts as a template collectively known
as the default user directory. When a user launches a component for the first
time (or if Humsettings.exe is launched during login), this template is
copied to a user-specific (per-user) location or personal user directory. The
product CD is not required.
The following are the default (root) directories:
Administrators can refresh default files, profiles, and settings in the default
user directory. Administrators control the global defaults contained in the
default user directory; users control the contents of their personal user
directory. Each application determines what personal data and what global
data exists, but it only reads user-specific settings from the personal user
directory or from the current user's Windows Registry.
Directory Location (Root)
Personal
(Per-User)
AppDataFolder\Hummingbird\Connectivity\version\
Default Program Files\Hummingbird\Connectivity\version\
Default User
Note: Administrators and users should change files and folders
only below the root level.
NFS Maestro Client Users Guide
28
Customizing Files and Folders
Any user who has write access can modify the default user directory;
typically, only Administrators have write access. Both files and registry
entries can be added and removed. Such changes are reflected respectively
in the personal user directory and the current user's Windows Registry.
Administrators can add files or folders below the level of existing root
sub-folders. These files or folders are automatically copied to the personal
user directory. New root level sub-folders are handled by PerUser
Settings.ini located at the root of the default user directory. This file
determines whether or not an installation is required. Hummingbird
Connectivity User Settings are automatically created when a user of the
machine first launches a Hummingbird Connectivity application.
Administrators can change the location of the personal user directory where
the template files and folders are installed. Default locations are based on
registry values. An administrator can change these values (even remotely)
after the initial install.
Adding Registry Entries
Each root-level folder in the default user directory has an associated registry
file. These are stored in the Registry folder. The [Registry Files] section
in PerUser Settings.ini provides a method of associating a .humreg file
(which is actually .reg file format) with an internal folder name. This is
only for installing registry keys and values to the HKEY_CURRENT_USER
registry hive.
Entries in [Registry Files] use the following syntax:
FolderName=Short_humreg|Long_humreg
where Long_humreg represents the path of the file (for example,
Registry\Accessories.humreg) relative to the default user directory root.
Short_humreg is the proper MS DOS 8.3 path name. If the Long_humreg file
is described as a MS DOS 8.3 path, then Short_humreg and the pipe (|)
character can be omitted. Multiple .humreg files can be specified for a single
folder by separating the paths with semi-colons.
Chapter 3: Advanced Installation
29
Updating the Personal User Directory for All Users
When the default user directory is updated, any new personal user
directories automatically get the latest files. For users that already have a
personal user directory, Administrators can use one of the following
methods to update the user files.
Automatic Update
To update the personal user directory for each user automatically (the next
time they use a Hummingbird Connectivity application), update the [Last
Modified] section of PerUser Settings.ini.
Do this by running the following command:
HumSettings.exe UPDATELASTMODIFIED=FolderName
Available folder names are
ExceedMP, HostExMP,
ProfileMP, FtpMP,
CommonMP, SecurityMP,
HumNeighborhoodMP,
DeploymentMP, and
NFSClientMP.
where FolderName is the internal name for one of the top level, default user
directory. Specify multiple directory names by separating the names with
semi-colons. HumSettings.exe is located here:
Program Files\Hummingbird\Connectivity\version\Accessories.
Manual Update
To manually update the personal user folder for a specific user, at the
command prompt type:
HumSettings.exe REFRESH=ALL USER=user_profile_path
where REFRESH=ALL re-installs, repairs, or refreshes all installed product
folders. USER=user_profile_path specifies the profile path for the
personal user directory.
Note: The time stamp is stored in binary format. If you change the
time stamp values manually, you risk having the per-user
installation run multiple times.
NFS Maestro Client Users Guide
30
For example:
HumSettings.exe REFRESH=ALL
USER="C:\Documents and Settings\user"
Passing Arguments to Per-User Settings
When using HumSettings.exe to invoke the per-user installation process,
you can pass parameters that affect the current installation. However, in the
case of a per-user installation triggered by an application, there is not a
command line to pass arguments to the process.
Instead, there is a section in the PerUser Settings.ini file called [PerUser
Installation Parameters] which accepts arbitrary Property names and
values:
[PerUser Installation Parameters]
REINSTALLMODE = ud
"Property" = "Value"
Each key and value pair is treated as an argument to the current per-user
installation.
User Settings Migration
Controlling Migration in Per-User Installations
Migration of user settings takes place at any time after the initial
installation. Starting with version 11, this migration makes use of the Files
and Settings Transfer Wizard engine to automatically upgrade older user
settings to the current version.
Note: Do not include a backslash character (\) at the end of the
USER command. Otherwise, the command line may be
misinterpreted and lead to unexpected results.
Note: There are limitations on parameter usage. For instance, the
INSTALL and USER parameters have no affect because the
installation is being triggered for only the current user.
Chapter 3: Advanced Installation
31
The per-user installation uses the settings found in the [Migration Control
Options] section of the PerUser Migration.ini to control the migration
process. A sample section is as follows:
[Migration Control Options]
Migration Method=Automatic
Migration First Time Only=2
HUMFST Path=C:\Program files\Hummingbird\Connectivity\11.00\
Default User\MigBackupEx.humfst
The Migration Method value controls whether or not the migration takes
place. The value is either Automatic or No Migration.
The Migration First Time Only value determines what to do if the per-
user migration takes place a second time. This can have a value of 0, 1, or 2.
If the value is set to:
0the per-user installation ignores any existing migration cache and
attempts to migrate each time it is activated
1the per-user installation stops migration if any migration cache
exists
2the per-user installation, before stopping, further examines the
migration cache to determine if any new folders require migration
Whenever a Connectivity 11 product upgrades another Connectivity
product, a choice of whether or not to preserve previous settings is
presented by the Hummingbird Setup Wizard (Product Migration dialog
box). At the end of the installation process, if settings were preserved, the
.humfst file generated during the process is put in the Default User
template folder, and the HUMFST Path is updated to reflect this value.
The HUMFST Path value represents the base .humfst file location. The per-
user installation combines the information found within this file for older
products with the .humfst generated for each individual user.
If the HUMFST Path value is empty, the per-user installation uses the
appropriate [Directory Mappings.x.yz] section, where .x.yz is the version
number of the older product. Each section is populated with old Home
directory values from previous versions.
NFS Maestro Client Users Guide
32
Manual User Settings Migration
An alternative to the per-user installation migration, you can use the Files
and Settings Transfer Wizard command line to migrate user settings
(including from one machine to another). This requires a base .humfst file
and the current user .humfst file. The base .humfst file represents a .humfst
exported by the Files and Settings Transfer Wizard at the time the older
product was installed. This is a two-part process:
1 Export the current user .humfst using a command similar to the
following:
Fstwizard.com ACTION=ExportUser USERHUMFST=UserSettings.humfst
2 Import the current user .humfst using a command similar to the
following:
Fstwizard.com HUMFST=Base.humfst ACTION=ImportUser
USERHUMFST=UserSettings.humfst
The export and import commands can take place on different machines.
Controlling Uninstallation
When a Connectivity product is uninstalled, Hummingbird Connectivity
User Settings removes the personal user directory from the current user
profile. To prevent the user directory from being removed, you can set the
PERUSERPRESERVEPROFILES property in Sconfig on the command line of an
uninstall operation.
For complete control, set the property PERUSERUNINSTALLTYPE on the
command line of an uninstall operation. It can be set to a string
representing the exact command line parameters passed to
HumSettings.exe.
Chapter 3: Advanced Installation
33
Customizing Installations with Sconfig
Users in an enterprise have different software needs. Even in the case of a
single application used by many users, differences in user requirements and
granted privileges often necessitate tailored installations. For example, some
users may require product features such as HostExplorer and FTP settings
files to connect to frequently used hosts, while other users may require
specific font settings and features to be installed with their Hummingbird
products.
For more information on
Windows Installer, see the
installation chapter.
Sconfig works with Microsoft Windows Installer database files (.msi and
.mst) to let you create tailored installations of Hummingbird software for
users with different needs.
Sconfig lets you do the following:
Customize the directories in which the product is installed, and add
custom folders.
Tailor the list of applications or components to be installed. You can
alter the list to limit the functionality available to users, or to optimize
the use of disk space.
Simplify user input during installation by preselecting information,
such as the properties of the software being installed.
Manage registration keys and environment variables.
Provide a uniform user experience, and maintain a uniform system
configuration across the network.
How Does Sconfig Work?
Sconfig works with Microsoft Windows Installer database files (.msi and
.mst) to let you create tailored installations of Hummingbird software for
users with different needs. Knowing how these files function together to
configure an installation will help you understand the process of creating a
custom installation with Sconfig.
Note: Sconfig is not installed if you select the Typical installation
type. When installing the Hummingbird software on the
administrator machine, you must choose the Custom or Complete
installation.
NFS Maestro Client Users Guide
34
Microsoft Software Installation Files (.msi) Microsoft Windows
Installer uses Microsoft Software Installation files (.msi) to install the
Hummingbird product. An installation file is a database file that contains
default installation information specifying which product components are
installed and in which directories.
Microsoft Transform Files (.mst) When a user alters an installation in
Microsoft Windows Installer, the changes are not applied directly to the
installation files, but stored in a secondary file called a Microsoft Transform
file (.mst). Like the installation file (.msi), the Microsoft Transform file is a
relational database with information about product components and
installation directories, but the transform file contains only the
amendments a user wants to apply to the default settings contained in the
installation file. The result is a customized installation.
Sconfig and Windows Installer Database Files
Sconfig makes use of the relationship between installation (.msi) files and
transform (.mst) files. Instead of changing the products preconfigured
installation file, Sconfig saves all amendments in a transform file. You can
then package the transform file with an installation and distribute the
customized installation to a target user group. If changes are required in the
future, you can also use Sconfig to open and update previously generated
transform files.
When preparing for multiple custom installations, you need to create a
separate transform file for each group of users. You can then apply each
transform file to the Hummingbird products installation file.
Overview of Creating Transform Files
When you start Sconfig, the Sconfig Wizard opens with a welcome page.
The next two wizard screens let you specify the Hummingbird product
installation file (.msi) you want to work with and the transform file (.mst)
you want to create or modify. The wizard then displays the Customize page.
The option tree located in the left pane of the screen provides access to all of
Chapter 3: Advanced Installation
35
the options and settings that you can use to customize the installation. The
availability of some options is dependent on the Hummingbird application
associated with the installation file you selected and whether you indicate
that you are creating a transform file for a Terminal Services (TSE) client.
The options are grouped into the following categories on the Customize
page:
Product Directories The Directories options let you customize product
directories for the installation of the Hummingbird product. Expand this
option group to access the Custom Folders options to add custom folders to
the installation.
Product Features The Features options let you specify which optional
product features you want to install.
Files These options let you add external files to the Hummingbird
product installation.
Product Properties The Proper ties options let you customize properties
to change the behavior of the installation package and set properties for
Hummingbird product features.
Registry These options let you preset the registry editor for any Windows
operating system registry. The advantage of editing the registry before the
installation is that it saves time, especially when installing for multiple target
machines.
Custom Shortcuts The Shor tcut options let you create custom shortcuts
on user machines for any Hummingbird product feature you add to the
installation database.
Metering Properties. The Metering options let you modify or remove
properties for the Hummingbird Metering Server.
Environment Variables These options let you configure and manage
PATH and other environment variables.
User Settings Transfer These options let you install or migrate
Hummingbird Connectivity product settings.
Profile Spaces These options let you import Profile Spaces created with
Profile Space Editor.
NFS Maestro Client Users Guide
36
Directory Services Properties Available only in NFS Maestro and Exceed
installations, the Directory Services options let you specify property settings
for Hummingbird Directory Services as well as service-specific property
settings for LDAP, NFSD, NIS and NIS+.
NFS Properties Available only in NFS Maestro and Exceed PowerSuite
installations, the NFS Client Settings option lets you modify or remove
properties for NFS Maestro Client.
After you make the necessary modifications in each of the option categories,
the wizard lets you generate and save the transform file (.mst), which you
can then apply to an installation.
Opening the MSI and MST Files
Before you can customize the installation options and settings, you must
use the wizard to specify the installation file (.msi) you want to work with,
as well as the transform file (.mst) you want to create or modify. You can
also indicate if the transform file you want to create is intended for
installation on a terminal server.
To open an MSI and MST file:
1 After you open Sconfig from the Windows Star t menu, a welcome page
opens. Click Next to continue.
2 On the Database Selection page, specify the installation file (.msi) that
you want to customize and click Next. You can choose an installation file
in one of the following ways:
Specify an installation file that you previously configured.
Browse for a new installation file.
Chapter 3: Advanced Installation
37
3 On the Transform Selection page, specify the transform file (.mst) that
you want to create. You can specify a transform file in one of the
following ways:
Specify a transform file that you previously configured.
Browse for a new transform file by clicking the Browse button.
Create a new one yourself. You can do this by clicking the Browse
button and specifying a name and location for the file.
4 If the transform file you want to create is intended for installation on
terminal servers, select Create Terminal Services (TSE) Client Transform.
5 Click Next to continue.
The Customize page opens. This page lets you configure the product
installation options and settings.
Customizing Product Installations
Product Installation Directories
The Directories options let you specify where you want the Hummingbird
product to be installed. Depending on the type of installation you are
configuring, local or Terminal Server (TSE), you can set one or both of the
following directories:
Destination
Current User
Note: If you selected a transform file that was generated with a
previous version of Sconfig, the user interface may differ from
what is documented.
Note: If you selected a TSE-specific .msi file on the Database
Selection page, this option is not available.
NFS Maestro Client Users Guide
38
To customize product installation directories:
1 Click Directories in the option tree. The Directories pane opens.
2 If you are creating a terminal server transform, proceed to step 3.
Otherwise, in the Destination Folder box, type the directory where you
want all non-volatile files to be stored.
3 Select one of the two user directory options. (In TSE mode, only the
first of the following options appears.)
Individual user directoryType the directory where all volatile files
will be stored for the current user. This path is used to generate the
personal user directory for every user of the machine. Use a
property that changes from user to user so that the path us unique
for each. For example, you can use [%USERNAME] or
[AppDataFolder].
Single user directoryType the directory where you want user files
to be shared among all users of the destination machine. This could
be any folder on the machine.
4 If you have made all the necessary modifications, click Next. Otherwise,
select the next option group.
Chapter 3: Advanced Installation
39
Adding Custom Folders to an Installation
This functionality is not
available in TSE mode.
These options let you add your own folders to the directory structure. For
example, if you want add your own fonts to the installation and want them
to be installed in a dedicated folder, you can add a custom fonts folder. Once
you have created custom folders, you can then add subfolders.
To add a folder:
1 In the option tree click Custom Folders under Directories. The Directories:
Custom Folders pane opens.
2 Click Add New. The Add Custom Directory dialog box opens.
3 From the Choose Parent Directory Macro list, select the directory macro
you want to use to create the new folder. The name of the macro
appears in the New Directory Macro box with an incremented number.
The Default Destination Path lists the directory in which the new folder
will be created. The macro you select from the Choose Parent Directory
Macro list determines the location of the new folder.
Note: To add files to a newly created folder, see File Installation
on page 43.
NFS Maestro Client Users Guide
40
4 In the New Directory Name box, assign the new custom folder a name. If
the custom folder name exceeds 8 characters or contains a space, you
must use the following format:
shortname|longname
8.3 file names have a
maximum of 8 characters
optionally followed by a
dot (.) and then a
maximum of three
characters. For example,
you could use myfold~1
for My Folder.
where shortname is an 8.3 MS DOS name for the folder name and
longname is the full folder name.
5 If you want the installation to create the folder even if the folder does
not contain any files, select the Always Create This Folder check box.
6 Click OK to create the custom folder and return to the Directories:
Custom Folders pane.
7 The folder appears in the list of custom directories. If you have made all
the necessary modifications, click Next. Otherwise, select the next
option group.
To add a subfolder:
1 In the option tree, click Custom Folders under Directories. The
Directories: Custom Folders pane opens.
2 On the Directories: Custom Folders pane, select the folder where you
want to add a subfolder and click Add Sub Folder. The Add Custom
Directory dialog box opens with the parent directory macro set by the
custom folder you selected.
The name of the macro appears in the New Directory Macro box with an
new increment number. The Default Destination Path lists the directory
in which the new folder will be created. The macro you select from the
Choose Parent Directory Macro list determines the location of the new
folder.
Chapter 3: Advanced Installation
41
3 In the New Directory Name box, type the name you want to assign the
new subfolder. If the subfolder name exceeds 8 characters or contains a
space, you must use the following format:
shortname|longname
8.3 file names have a
maximum of 8 characters
optionally followed by a
dot (.) and then a
maximum of three
characters. For example,
you could use myfold~1
for My Folder.
where shortname is an 8.3 MS DOS name for the subfolder name and
longname is the full subfolder name.
4 If you want the installation to create the subfolder even if it does not
contain any files, select the Always Create This Folder check box.
5 Click OK to create the custom subfolder and return to the Directories:
Custom Folders pane.
6 The folder appears in the list of custom directories. If you have made all
the necessary modifications, click Next. Otherwise, select the next
option group.
Product Feature Availability
The Features options let you specify the Hummingbird product features you
want to install. Recognizing features commonly used by specific users is
useful when customizing feature installations. Some may use the
Hummingbird product at an administrative level (system administrators)
and will find monitoring, tracing and troubleshooting features very useful
components of their installation. Others who use the product at an
end-user level may have no use for administrative features.
NFS Maestro Client Users Guide
42
The process of selecting features in Sconfig is similar to customizing a
product installation using Windows Installer. Sconfig also lets you specify
sub-features for each feature you enable, and you can install shortcuts to
help users access commonly used features quickly.
To configure the availability of product features:
1 In the Features pane, expand the product feature tree to view the
features available for the product.
2 Select or clear the features you want to add to or remove from the
installation. The Feature Description area provides information on the
selected feature. Check marks indicate that the feature will be installed.
3 If you have made all the necessary modifications, click Next. Otherwise,
select the next option group.
Note: Removing a feature or sub-feature in Sconfig deletes it from
the transform file (.mst). These changes must then be reapplied to
the installation file (.msi) to reflect the update.
Chapter 3: Advanced Installation
43
File Installation
This functionality is not
available in TSE mode.
Sconfig lets you add to the installation external program files such as e-mail,
drawing and graphics files, or other executable files that users need to carry
out routine tasks. You can also specify the destination path for the file and
specify the circumstances under which the file is installed.
To access the Files options:
Click Files in the option tree. The Files pane appears in the wizard window.
To add an external file to an installation database:
1 In the Files pane, click Add. A standard Windows Open dialog box
appears.
2 Select a file and click OK. The Add/Modify File dialog box opens.
3 From the drop-down list, select a destination path folder. This folder
can be a Windows systems folder, a Hummingbird folder, or a custom
folder.
NFS Maestro Client Users Guide
44
4 If you want to add the file to a subfolder within the destination folder,
do the following:
a) Click Add Sub Folder. The Add Custom Directory dialog box opens.
b) In the New Directory Name box, type the name you want to assign
the new subfolder and click OK. If the subfolder name exceeds 8
characters or has a space, you must use the following format:
shortname|longname
8.3 file names have a
maximum of 8 characters
optionally followed by a
dot (.) and then a
maximum of three
characters. For example,
you could use myfold~1
for My Folder.
where shortname is an 8.3 MS DOS file name for the subfolder name
and longname is the full subfolder name.
5 With the Install With Feature drop-down list, you can do one of the
following:
If you select a feature, the file is installed only when the feature is
installed.
If you select Always the file is installed with every installation,
regardless of features.
6 Click OK. The Files pane lists the added file.
7 If you have made all the necessary modifications, click Next. Otherwise,
select the next option group.
To modify external file installation settings:
In the Files pane, select the file and click Modify. The Add/Modify File dialog
box opens. You can change the following settings:
To change the file destination folder, select a new destination path
folder from the drop-down list.
To change the feature with which the file gets installed, from the Install
With Feature drop-down list, select a different feature or select Always
and click OK.
The Files pane lists the external files currently in the installation database. If
you have made all the necessary modifications, click Next. Otherwise, select
the next option group.
Chapter 3: Advanced Installation
45
To remove an external file from an installation database:
In the Files pane, select a file from the list and click Remove. Removing a file
in Sconfig deletes it from the transform file. These changes must then be
reapplied to the installation file to reflect the update when the application is
installed. If you have made all the necessary modifications, click Next.
Otherwise, select the next option group.
Product Properties
Sconfig lets you specify the Hummingbird product properties you want
installed, properties that make the best use of the Hummingbird software
features and that facilitate each users installation session.
The Proper ties pane lists both the properties that are required for product
functionality and the optional properties. You can add optional properties
that customize Hummingbird product features, such as the COMPANYNAME
property which includes the name of your organization in the product
installation. You can also include properties that control user input during
installation, such as the TransformSecure property, which protects your
transform files from user modification. Other optional properties define the
installation behavior of the product, such as the ALLOWBROWSE property,
which lets the product browse to the home directory during an installation.
Note: Removing a file in Sconfig deletes it from the transform file.
These changes must then be reapplied to the installation file to
reflect the update when the application is installed.
NFS Maestro Client Users Guide
46
You can also set properties specifically for NFS Maestro Client. However,
these properties are available only when installing the appropriate
installation files. For more information on NFS Maestro Client properties,
see NFS Maestro Client Properties on page 60.
Modifying and Removing Properties
You can clean the installation database of properties that are no longer in
use. Some scenarios that may require the removal of a property include
changes made to:
feature requirements
user privileges during an installation session
user permissions for the software
To access the Properties options:
Click Proper ties in the option tree. The Proper ties pane appears in the wizard
window.
Chapter 3: Advanced Installation
47
To add a property to an installation database:
1 In the Proper ties pane click Add. The Add Proper ty dialog box opens.
2 From the first drop-down list, select a property. The bottom panel of
the dialog box provides the validation information for the property.
3 In the second drop-down list box, type or select a value for the new
property and click OK.
4 The Proper ties pane appears listing the new property you added to the
installation database. If you have made all the necessary modifications,
click Next. Otherwise, select the next option group.
To modify a property in an installation database:
1 In the Proper ties pane, select a property.
2 Click Modify. The Modify Proper ty dialog box opens. The bottom panel
of the dialog box provides the validation information for the property.
3 In the drop-down list box, type or select a new value for the property
and click OK.
4 The Proper ties pane lists the properties currently added to the
installation database. If you have made all the necessary modifications,
click Next. Otherwise, select the next option group.
To remove a property from an installation database:
In the Proper ties pane, select a property from the list and click Remove. If
you have made all the necessary modifications, click Next. Otherwise, select
the next option group.
Registry Keys
Sconfig lets you customize the general software settings of your
Hummingbird product. After your Hummingbird product installation file
installs the custom components and files on the target machine, it can write
the custom registry keys and values set in Sconfig to the system registry. You
establish the keys and values the installation file writes to the system registry
by setting them up in the transform file in generated in Sconfig.
NFS Maestro Client Users Guide
48
To access the Properties options:
Click Proper ties in the option tree. The Proper ties pane appears in the wizard
window.
To add a registry key to an installation database:
1 In the Registry pane, click Add. The Add/Modify Registry Entry dialog box
opens.
2 In the Root drop-down list, select a hive name.
3 In the Data Type drop-down list, select a data value type.
4 In the Key box, type the registry key name.
5 In the Value Name box, type the registry value name.
6 In the Value Data box, type the registry data value and click OK. The
Registry pane appears listing your new keys. When they are available,
you can use the Hexadecimal and Decimal radio buttons to convert the
value data from base-16 number system to base-10 or vice versa.
7 If you have made all the necessary modifications, click Next. Otherwise,
select the next option group.
Chapter 3: Advanced Installation
49
To modify a registry key in an installation database:
In the Registry pane, select the registry entry you want to modify and click
Modify. The Add/Modify Registry Entry dialog box opens. When you have
made the necessary changes, click OK. The Registry pane lists the registry
keys currently in the installation database. If you have made all the
necessary modifications to the installation options, click Next. Otherwise,
select the next option group.
To remove a registry key from an installation database:
In the Registry pane, select a registry key from the list and click Remove. If
you have made all the necessary modifications, click Next. Otherwise, select
the next option group.
Shortcuts for Hummingbird Product Features
This option lets you provide users with quick access to commonly used
Hummingbird components. You can create and store shortcuts in existing
Hummingbird folders, or create custom folders for your shortcuts.
NFS Maestro Client Users Guide
50
To access the Shortcut options:
Click Shor tcut in the option tree. The Shortcut pane appears in the wizard
window.
To set a custom shortcut:
You can drag and drop
items in the Shortcut tree.
1 In the shortcut tree displayed in the Shor tcut pane, right-click the folder
to which you want to add a new shortcut. In the pop-up menu, click
Add Shor tcut Here. The settings appear on the right side of the wizard
window.
2 In the Name text box, type the name of the shortcut that you want add.
To rename a shortcut, select the name of the shortcut in the Name box
and enter the new name. The name must appear in the format:
short name|long name
8.3 file names have a
maximum of 8 characters
optionally followed by a
dot (.) and then a
maximum of three
characters. For example,
you could use myfold~1
for My Folder.
where the short name is an 8.3 MS DOS name and the long name is the
name of the shortcut as it appears on the Windows desktop. For
example,
ExceedF|Exceed Finger
3 If you want to include a description for the shortcut, into the Description
text box, type a description for the shortcut. The description you type
will appear when users move the mouse pointer over the shortcut icon.
4 From the Install With drop-down list, select the component for which
you want to provide a shortcut. The installer uses the installation state
of this component to determine whether to create or delete the
shortcut.
5 From the Target drop-down list, select the destination folder of the
component for which you want to provide a shortcut.
Note: For advertised shortcuts, the file launched by the shortcut is
the file associated with this feature. When you activate this
shortcut, Windows Installer verifies that all components in the
feature are installed before launching the file. For non-advertised
shortcuts, the field should contain a property identifier enclosed in
square brackets.
Chapter 3: Advanced Installation
51
6 The Default Path text box displays the destination path of the
component for which you want to create a shortcut.
7 If you want to provide any arguments for this shortcut, type them into
the Arguments text box.
8 In the Icon area, click Select to launch the Change Icon dialog box. In this
box, select an icon to associate with the shortcut and click OK. The icon
you selected is displayed in the wizard.
9 If you have made all the necessary modifications, click Next. Otherwise,
select the next option group.
To create custom folders for shortcuts:
In the Shortcut tree displayed in the Shor tcut pane, right-click the folder to
which you want to add a new folder for your shortcut. In the menu, click
Add Folder.
If you want to remove a custom folder, click Remove Folder. If you have
made all the necessary modifications, click Next. Otherwise, select the next
option group.
To modify a shortcut:
In the Shortcut tree displayed in the Shor tcut pane, click the shortcut you
want to modify. The settings you can edit are displayed on the right side of
the wizard.
To remove a shortcut:
In the Shortcut tree displayed in the Shor tcut pane, right-click the shortcut
you want to remove. In the menu, click Delete Shor tcut. If you have made all
the necessary modifications, click Next. Otherwise, select the next option
group.
NFS Maestro Client Users Guide
52
Hummingbird Metering Settings
The Sconfig interface provides you with the information you need to
manage Metering settings. You can modify property settings or delete
unwanted properties.
The Metering pane lists the available Metering properties. It also displays the
setting or value currently associated with the property and defines the
property so that you can make the necessary changes.
To access the Metering options:
Click Metering in the option tree. The Metering pane appears in the wizard
window.
To modify a property setting:
1 In the Metering pane, select the property you want to modify. Its current
setting (if any) and a description are provided in this pane.
2 Click Modify. The Modify Proper ty dialog box opens and identifies the
property you are modifying and its current setting.
Note: Some properties cannot be deleted.
Chapter 3: Advanced Installation
53
3 Specify the new value. Tips are provided at the bottom of the dialog
box.
4 Click OK.
5 If you have made all the necessary modifications, click Next. Otherwise,
select the next option group.
To remove a Metering property:
In the Metering pane, select the property you want to remove, and click
Remove. If you have made all the necessary modifications, click Next.
Otherwise, select the next option group.
Environment Variables
You can use the Environment Variables options to customize PATH and
other environment variables for the installation.
Note: The METERINGRETRYINTERVAL and
METERINGRETRYCOUNT values must be numbers that are
prefixed by the number (#) character.
NFS Maestro Client Users Guide
54
When customizing variable values, keep the following rules in mind:
If you specify no value for a variable, the variable is removed.
To append a value to an existing variable, prefix the value string with
the Null [~] symbol and the separator character. For example, if the
semicolon is the chosen separator, you type the following: [~];value.
To prefix a value to an existing variable, append the value string with
the separator character and the Null [~] symbol. For example, if the
semicolon is the chosen separator, you type the following: value;[~].
If no Null[~] symbol is present, the string represents the entire value
you want to set or delete.
To avoid unpredictable results, specify only one value per variable. For
example, you should avoid the following: value;value;[~].
To access these options:
Click Environment Variables in the option tree. The Environment Variables
pane opens.
To add a custom environment variable to an installation database:
1 Click Add. The Add dialog box opens.
2 Type or select a variable from the Variable Name drop-down list. The
Variable Value for Current User box displays the value of the specified
variable if it exists.
3 In the Variable Value box, specify the value for the variable.
4 Use the Apply To All Users setting to indicate whether you want the
variable to apply only to the current user, or to all users of the target
machine.
5 Click OK. The environment variable appears in the wizard window.
6 If you have made all the necessary modifications, click Next. Otherwise,
select the next option group.
Chapter 3: Advanced Installation
55
To modify an existing environment variable:
1 In the Name column, select the variable you want to modify and click
Modify. The Modify dialog box opens displaying the current settings for
the selected variable.
2 You can make the following modifications:
In the Variable Value box, specify a new value for the variable.
Use the Apply To All Users setting to indicate whether you want the
variable to apply only to the current user, or to all users of the target
machine.
3 Click OK.
4 If you have made all the necessary modifications, click Next. Otherwise,
select the next option group.
To remove an environment variable from an installation database:
In the Name column, select the variable you want to delete and click
Remove. The variable is removed from the Environment Variable list in the
wizard window. If you have made all the necessary modifications, click Next.
Otherwise, select the next option group.
User Settings
These options let you migrate Hummingbird Connectivity product settings
by allowing you to include, in the installation, settings transfer files
(.humfst) generated with Files And Settings Transfer Wizard. These files
contain registry entries and user settings for any Hummingbird
Connectivity product.
NFS Maestro Client Users Guide
56
For information on creating settings transfer files, see Files And Settings
Transfer Wizard Help.
To add a settings file to an installation database:
1 In the User Settings Transfer pane, click Add. The Add dialog box opens.
2 Use the Sequence box to specify the order in which you want Sconfig to
add the file to the installation.
3 Use the browse button to select the settings transfer file you want to add
to the installation.
4 If you what the file to be added to the installation only under specific
circumstances, you can use the Condition box to include Microsoft
Windows Installer conditions or other supported properties.
5 In the Description box, you can provide a useful description of the
settings transfer file if necessary.
6 Click OK. The file appears in the User Settings Transfer pane with the
information you specified.
Chapter 3: Advanced Installation
57
To modify the settings of a previously added settings transfer file:
In the User Settings Transfer pane, select the settings transfer file for which
you want to modify the inclusion settings and click Modify. In the Modify
dialog box, make the necessary change, and click OK.
To remove a previously added settings transfer file from an installation
database:
In the User Settings Transfer pane, select the settings transfer file you want to
remove and click Remove.
Product Profile Spaces
Profile Spaces provide administrators with the ability to distribute profiles
to multiple end users by creating a variety of profiles and placing them in
specific locations (Profile Spaces). Each Profile Space can be assigned
different access privileges. By default, Connectivity applications are
installed with one Profile Space (My Profile Space), but administrators can
create additional spaces and designate any of them as the default Profile
Space.
Profile Space Editor is the tool for creating and registering new File System
or LDAP Profile Spaces. Sconfig lets you import, into the installation
database, the Profile Spaces you create with the wizard. For more
information on creating Profile Spaces, see Profile Space Editor Help.
NFS Maestro Client Users Guide
58
To import Profile Spaces:
1 On the machine running Sconfig, launch the Profile Space Editor from
the Star t menu and create the necessary Profile Spaces.
2 On the Sconfig Customize page, open the Profile Spaces pane.
3 Click Impor t. Sconfig imports all Profile Spaces found on the local
machine.
The imported Profile Spaces appear in the Profile Spaces pane. A check
mark indicates which is the default.
To remove a Profile Space:
In the Profile Spaces pane, select the Profile Space you want to remove and
click Remove.
Directory Services Settings
Before you configure Hummingbird Directory Services settings in Sconfig,
it is recommended you configure a local installation of Hummingbird
Directory Services. You can then import the settings into Sconfig to add
them to the installation database. The Sconfig interface provides you with
the information you need to then modify or remove the settings for LDAP,
NFSD, NIS and NIS+ directory services if necessary.
The Directory Services pane lists the available properties. It also displays the
setting or value currently associated with the property, if any, and defines
the property so that you can make any necessary changes.
Warning! Before importing, Sconfig deletes all Profile Spaces
that already exist in the transform file (.mst). Any of these deleted
spaces that is not represented locally is lost.
Note: The Profile Space is removed from the transform file (.mst)
only. It is not removed from the local machine.
Chapter 3: Advanced Installation
59
To access the Directory Services options:
To view common properties, click Directory Services in the option tree.
The Directory Services pane appears in the wizard window listing
common properties.
To view service-specific properties, expand the Directory Services
option tree item, and click the directory service (LDAP, NFSD, NIS, or
NIS+) you want to manage.
To import Directory Services property settings:
1 Ensure that the local installation of Hummingbird Directory Services is
configured as required.
2 In the option tree, select the directory service type for which you want
to import a property.
3 Click Impor t. Sconfig reads and imports the values from all the registries
for Directory Services, and lists the imported values in the Value
column.
4 If you have made all the necessary modifications, click Next. Otherwise,
select the next option group.
NFS Maestro Client Users Guide
60
To modify Directory Services property settings:
1 In the option tree, select the directory service type.
2 In the pane that appears, select the property you want to modify. Its
current setting (if any) and a description are provided in this pane.
3 Click Modify. The Modify Proper ty dialog box opens and identifies the
property you are modifying and its current setting if any.
4 Specify the new value. Tips are provided at the bottom of the dialog
box.
5 Click OK.
6 If you have made all the necessary modifications, click Next. Otherwise,
select the next option group.
To remove a Directory Services property:
Select the property you want to remove, and click Remove. If you have made
all the necessary modifications, click Next. Otherwise, select the next option
group.
NFS Maestro Client Properties
The NFS Client Settings options are available, only if you are customizing
an NFS Maestro product or Exceed PowerSuite installation. The NFS Client
Settings let you modify or remove properties for NFS Maestro Client, such
as Maestro.NFSClient.UseDOSStyleSharing, which enables file sharing
common to most Windows file operations.
To access the Properties options:
Click NFS Client Settings in the option tree. The NFS Client Settings pane
appears in the wizard window.
Note: If you have not imported property settings from a local
installation of Hummingbird Directory Services, no values will be
displayed.
Chapter 3: Advanced Installation
61
To modify an NFS Client property in an installation database:
1 In the NFS Client Settings pane, select a property.
2 Click Modify. The Modify Proper ty dialog box opens.
The bottom panel of the dialog box provides the validation information
for the property.
3 In the drop-down list box, type or select a new value for the property
and click OK. The NFS Client Settings pane lists the properties currently
added to the installation database.
4 If you have made all the necessary modifications, click Next. Otherwise,
select the next option group.
To remove an NFS Client property from an installation database:
In the NFS Client Settings pane, select a property from the list and click
Remove. If you have made all the necessary modifications, click Next.
Otherwise, select the next option group.
Saving the MST File
After you customize the Hummingbird product installation options, the
Sconfig wizard lets you save the transform file (.mst).
To save the .mst file:
1 In Sconfig Wizard, click Next. The Ready to Commit page opens
confirming that you are about to save your configurations to a
transform file.
2 Click Next to create the transform file (.mst). This process is automatic
and does not display on screen. The Complete page opens, confirming
that you have created your transform file.
NFS Maestro Client Users Guide
62
3 If you want to create a command (.cmd) or batch (.bat) file that will
launch Setup with the new transform file, select the option at the
bottom of the wizard and use the browse button to specify the file name
and location. If you do not select this option, you can follow the
instructions provided by the wizard for adding the transform file to the
CmdLine entry of the setup.ini file. For more information, see
Applying the MST File to an Installation on page 62.
4 Click Finish to exit Sconfig.
Sconfig saves the transform file (.mst) in the same folder as the installation
file (.msi). This makes it easier for users to find when they want to access
the file from the administrative installation point.
Applying the MST File to an Installation
After you have created a transform file (.mst), you can use it to customize
Hummingbird product installations. If, on the last page of the wizard, you
did not opt to generate a command file that launches Setup with the new
transform file, you can apply the transform file to the installation file
manually. To do this, you must tell the setup.exe where to find your
transform file.
To change the setup.exe:
For more information on
installing with an .mst file,
see the Sconfig online
help.
1 In Windows Explorer, browse to the folder that contains the setup.ini
file of your Hummingbird product.
2 Open the setup.ini file.
3 On the line beginning with CmdLine, add the following text:
TRANSFORMS=full path to the .mst file
For example, the CmdLine for Hummingbird YourProduct would look like
this:
CmdLine=TRANSFORMS=c:\Hummingbird YourProduct.mst
where YourProduct is the Hummingbird Connectivity product you are
customizing.
Chapter 3: Advanced Installation
63
4 On the File menu, click Save.
5 On the File menu, click Close.
The new CmdLine in the setup.ini file tells the setup program to
incorporate the new transform file in the program installation. When you
run setup.exe, it uses both the original installation file, and the transform
file that you created using Sconfig.
Creating Multiple Custom Installations
Multiple custom installations are necessary for disparate users with
different development needs. Rather than having users sift through a large
Hummingbird product installation, use Sconfig to package custom
installations for each user.
To create another .mst file:
1 Open Sconfig and browse to a new transform file (.mst).
2 Create and save the transform file (.mst) to the administration
installation point.
3 If you want to create more transform files for custom installations,
repeat steps 1-2.
4 To use your new transform file (.mst), launch the Setup Wizard by
using the following command:
setup /v"TRANSFORMS=c:\YourTransform.mst"
This way, multiple transform files can exist in one source location, without
the need for repeated modifications to the setup.ini file.
NFS Maestro Client Users Guide
64
Running Sconfig from a Command Line
You can use a command-line prompt to generate transform files and to
apply them to an installation file (.msi).
Generating a Transform
Use the following command to generate a transform file:
-g basedb newdb transform [error/validation conditions]
where:
basedb is the installation file you want to use to create the transform file
newdb is the name of the new installation file that contains changes that
you want to add to the transform
tranform is the file name of the transform file you want to create
error is the code for any errors you want to suppress
validation conditions is the code for any conditions under which a
transform can be applied to a package
Applying a Transform File
Use the following command to apply a transform file to an installation file
(.msi):
-a transform database [error conditions]
where:
transform is the transform file you want to apply
database is the installation file to which you want to apply the
transform
error conditions is the code for any errors you want to suppress
Chapter 3: Advanced Installation
65
Error Conditions
The following table lists the error that you can suppress when applying a
transform:
Validation Conditions
The following table lists the validation conditions you can apply to the
transform file:
Code Definition
a Add existing row.
b Delete non-existing row.
c Add existing table.
d Delete non-existing table.
e Modify existing row.
f Change codepage.
Code Definition
g Check upgrade code.
l Check language.
p Check platform.
r Check product.
s Check major version only.
t Check major and minor versions only.
u Check major, minor, and update versions.
v Applied database version < base database version
NFS Maestro Client Users Guide
66
w Applied database version <= base database version.
x Applied database version = base database version.
y Applied database version >= base database version.
z Applied database version > base database version.
Code Definition
Chapter 4
Basic Concepts
The Network File System (NFS) Protocol 69
The Remote Procedure Call (RPC) Protocol 69
Daemons Required for NFS 70
The Connection Process 71
File Locking vs. Record Locking 72
Symbolic Links 73
Creating Symbolic Links from the Command Line 74
Creating Symbolic Links with the Create Symbolic Link Wizard 75
Authentication Protocols 76
The Authentication Process 76
NFS Credentials 77
AUTH_SYS/AUTH_UNIX Authentication 78
AUTH_DH/AUTH_DES Authentication 78
RPCSEC_GSS Authentication 79
Authorization 82
UNIX Permissions 82
NTFS Permissions 84
The Network Component (Hummingbird NFS) 86
Configured NFS Hosts Container 86
Directory Service Automounts Container 87
Directory Service Hosts Container 91
Listing and Exploring NFS Resources 91
Creating Custom Containers 92
Importing and Exporting NFS Host Information 94
Chapter 4: Basic Concepts
69
The Network File System (NFS) Protocol
Sun Microsystems defines
the NFS version 2, 3, and 4
specifications in RFC 1094,
RFC 1813, and RFC 3010,
respectively.
The Network File System (NFS) protocol was developed by Sun
Microsystems to facilitate the sharing of resources across networks and
across different operating systems. The protocol defines two participants:
NFS Server A remote host (a UNIX server, mainframe computer,
workstation, or PC) that exports (shares) local resources such as filesystems
and printers to NFS clients on the network. Most server operating systems
come with NFS server software.
NFS Client A computer that accesses resources exported by an NFS server
on the network. You install NFS Maestro Client software on this machine.
The client then uses the NFS protocol to communicate with NFS servers.
The NFS protocol operates independently of operating systems and
machine architecture. An NFS client of one type of architecture can access
resources exported by an NFS server of a possibly different architecture; the
shared resources appear to the client as if they were stored locally on the
client machine.
The Remote Procedure Call (RPC) Protocol
Communication between an NFS client and an NFS server uses the Remote
Procedure Call (RPC) protocol. RPC lets a client communicate with a server
through a set of predefined procedures. The client executes (or calls) a
given procedure on the server with a certain set of arguments; the server
executes the procedure and sends a return value back to the client.
When you use NFS Maestro Client to access resources on a remote NFS
server, you are really sending a series of RPCs to the server that execute your
access request.
For more information on
authentication credentials,
see Authentication
Protocols on page 76.
Each procedure call is a block of data. The block contains a header that
includes authentication credentials. The content of the credentials depends
on the authentication protocol in use.
NFS Maestro Client Users Guide
70
Secure RPC
Secure RPC is a form of RPC that includes both an identifier and a verifier
in the credentials section of the procedure header. The term Secure RPC
applies specifically to the AUTH_DH/AUTH_DES protocol (which uses
DES credentials), but any authentication protocol that includes an identifier
and a verifier in its credentials is a secure form of RPC.
Daemons Required for NFS
To support connections to exported resources, an NFS server must be
running the following daemons:
Daemon Description
portmapper
(rpc.bind)
Provides port information to clients requesting RPC services
from the server.
mountd Determines which filesystems and devices are available to
specific machines and users. This daemon uses the RPC
protocol to answer a client request to connect to a
filesystem. The daemon finds out which filesystems are
available by reading the /etc/exports or
/etc/dfs/sharetab file.
Note: This daemon is not required if the resource has been
exported using NFS version 4.
hclnfsd
(or pcnfsd)
Provides authentication and print spooling. This daemon
grants a client access to an NFS resource by comparing a
user name and password to a list of authorized users.
pcnfsd is shipped with most UNIX systems. As an
alternative, you can use the Hummingbird daemon, hclnfsd,
if it has been installed on the NFS server. hclnfsd also
provides file-locking support.
nfsd Handles client NFS filesystem requests.
nlockmgr Provides file-locking. For NFS Maestro Client purposes,
nlockmgr is only required if hclnfsd is not used or if there are
other machines not running NFS Maestro Client (for
example, UNIX or Macintosh) that access the same NFS
server.
Chapter 4: Basic Concepts
71
For more information on
hclnfsd, see The hclnfsd
Daemon on page 253.
The NFS Maestro Client product CD includes hclnfsd in source code format
to accommodate most UNIX systems. To use hclnfsd, you must transfer the
source code to the UNIX server and compile it.
Pre-compiled versions of hclnfsd are available at the following FTP site:
ftp.hummingbird.com
The Connection Process
Connecting to a filesystem and mounting a filesystem are synonymous;
both phrases mean that you are accessing the exported resources on an NFS
server from your local machine.
The process of connecting to an NFS filesystem is as follows:
1 The client contacts the NFS server and looks for the portmapper
daemon.
2 If the portmapper daemon is found, the client requests server port
numbers for mountd, hclnfsd (or pcnfsd), and nfsd.
3 The client searches for mountd and nfsd on the server.
For more information on
credentials, see
Authentication Protocols
on page 76.
4 If mountd and nfsd are found, the client sends its credentials to the
server for authentication.
If the client does not have NFS credentials, the client first retrieves them
from an authentication agent. The agent may be the hclnfsd/pcnfsd
daemons running on the server or on another server, or it may be a
directory service such as NIS, NIS+, or LDAP.
If the client sends the credentials for the root user (UID = 0), the server
usually maps the client to the nobody user. This behavior is set by the
server administrator.
5 The client sends its NFS credentials, PC name, IP address, and the
requested filesystem to mountd.
6 mountd verifies the supplied client name and IP address using either
the Directory Name Services (DNS) or the /etc/hosts file. If the client
is allowed access to the requested filesystem, mountd connects the client
to the filesystem and returns information to the client.
NFS Maestro Client Users Guide
72
7 The client does the following:
a) Calls portmapper for the quotad port.
b) Calls nfsd for filesystem details.
c) Instructs hclnfsd or lock manager to remove all locks.
8 The client caches directory and file information and establishes a logical
drive on the remote host.
Clients can connect to (or mount) any part of an exported filesystem. The
underlying portion of the connected filesystem is available until it is
disconnected.
Example
The directory /export/home/users/test is exported on an NFS server.
Under this directory is a subdirectory called docs. If you connect to the
parent filesystem, /export/home/users/test, you can access any of its
contents, including any files in the docs subdirectory. If you connect to the
docs subdirectory instead, you cannot access the resources in the parent
directory, test, but you can access anything in docs.
File Locking vs. Record Locking
When multiple applications access shared resources in a network
environment, the operating system prevents data loss by locking the
resources. There are two types of locking:
File Locking Permits one client to open a resource and prevents other
clients from accessing the same resource while it is open. File locking is also
called share locking or file sharing.
Record Locking Permits a client to lock only a record or group of records.
Record locking lets multiple users access the file but prevents simultaneous
record access. Record locking is also called byte-range locking.
Chapter 4: Basic Concepts
73
Applications vary in their implementation of file locking and record
locking. Some lock files; others do not. Some do not lock records; some lock
only the record being accessed; others lock records from the one in use to
the end of the file.
An application might open a file, make a working copy, and close the file.
However, if for some reason the file remains open, it is usually locked to
other users. Accessing a locked file produces an Access denied, File
locked, or Sharing Violation error message.
Windows implements mandatory locking, in which applications and users
must obey the restrictions imposed by a lock. UNIX implements advisory
locking, in which applications and users voluntarily obey locks.
Symbolic Links
A symbolic link, also called a soft link or symlink, is a special type of
UNIX file that refers to another file or directory. There are no restrictions
on where a symbolic link can point; it can refer to a file or directory on
another filesystem or computer, to itself, or even to a file or directory that
does not exist.
Once a symbolic link is created, you can perform regular file management
operations on it as you would for its source. If the source to which a
symbolic link points is moved or deleted, the symbolic link still exists.
However, it will cease to work.
A symbolic link is created using the ln command and/or the Create
Symbolic Link Wizard in NFS Maestro Client.
NFS Maestro Client Users Guide
74
Creating Symbolic Links from the Command Line
For more information on
available commands, see
Command Line
Applications on page 5.
You can run most NFS Maestro Client applications from the command line.
Several applications run from the command line only.
To create a link from the command line:
For more information about
the ln command, see NFS
Maestro Client Help.
In the command line, type the following command:
ln [-f] [-s] source target
where:
For more information, see
Specifying Network
Paths on page 101.
source is the path name of the file or directory to be linked (for
example, \\nfsserver\share\file). You can specify this information
using any of the supported formats.
target is the name or destination directory of the link to be created.
-f specifies that you want to hide all error or warning messages that
may occur when creating the link.
-s specifies that you are creating a symbolic link.
NFS Maestro Client notifies you if the creation is successful. You can verify
that the symbolic link was created by running the ls command line
application. Alternatively, you can check the symbolic link in Windows
Explorer: If you linked a directory, it should appear as a folder.
Note: You must specify the -s option for the command in order to
create symbolic links.
Chapter 4: Basic Concepts
75
Creating Symbolic Links with the Create Symbolic Link
Wizard
For more information on
the features of the Create
Symbolic Link wizard, see
NFS Maestro Client Help.
The Create Symbolic Link wizard lets you create symbolic links to resources
residing on mapped NFS drives.
To create symbolic links using the Create Symbolic Link wizard:
1 In Windows Explorer, navigate to a local drive that is connected to an
NFS filesystem.
2 Right-click in Windows Explorer. In the popup menu that opens, point
to New and click Symbolic Link.
3 In the Create Symbolic Link Wizard that opens, type or browse to the file
or directory to be linked.
If you do not want to be prompted with error or warning messages that
may occur when creating the link, select Create Symbolic Link Without
Prompting The User. By default, this option is not enabled.
4 Click Next to proceed to the second page of the wizard.
5 In the Select A Name For Symbolic Link page that opens, specify the name
of the symbolic link you want to create, and click Finish.
You can verify that a valid symbolic link was made by checking in Windows
Explorer: If you linked a directory, it should appear as a folder.
NFS Maestro Client Users Guide
76
Authentication Protocols
Computer systems usually attempt to verify the identity of clients that
request access to system resources. The process in which one party verifies
the identity of another is known as authentication.
In NFS, authentication is the process of validating the credentials supplied
by an NFS client. Valid credentials identify the client as a recognized
member of the NFS name space. Clients that either present invalid
credentials or do not present any credentials may be denied access to shared
NFS resources.
NFS Maestro Client supports three authentication protocols:
AUTH_SYS/AUTH_UNIXAuthentication using UNIX credentials.
AUTH_DH/AUTH_DESSecure RPC authentication using Data
Encryption Standard (DES) credentials.
RPCSEC_GSSAuthentication using Kerberos credentials.
The Authentication Process
The basic model of authentication runs as follows:
1 In order to access a resource on a particular server, a client presents its
credentials to an authentication agent. The authentication agent runs
on the server or on the network and is responsible for authenticating
clients. The supplied credentials typically consist of the following:
an identifier (such as a name) that identifies the client
Usually, the verifier is
known only to the client
and the agent.
a verifier (such as a password) that proves that the supplied
identifier really represents the client
2 The authentication agent verifies the supplied credentials against
information stored in an authentication repository. The repository is a
secure facility that stores the credentials (or the information needed to
verify them) for all valid clients of the server.
Note: If you have configured NFS Maestro Client for
AUTH_DH/AUTH_DES or RPCSEC_GSS authentication, you
cannot use Windows Explorer to connect to NFS resources.
Chapter 4: Basic Concepts
77
3 If the information retrieved from the repository matches the supplied
credentials, the server considers the client authentic and processes its
access request. If there is no match, one of two outcomes is possible
(depending on the system configuration):
the server denies the client access to the requested resource
the server grants the client limited access under a special account
NFS Credentials
Credentials in NFS v4
consist of owner and
owner-group names rather
than numeric values.
NFS credentials typically consist of a User Identification (UID) value and
one or more Group Identification (GID) values. The client includes its UID
and GID(s) in all NFS transactions with the server (reading a file, writing to
a file, and so on).
The default authentication repository for NFS credentials consists of the
/etc/passwd and /etc/group files (or equivalent) on either the NFS host or
authentication server, depending on the location of the authentication
agent. The /etc/passwd file associates valid user names with their password,
UID, and primary GID. The /etc/group file associates the ID of valid
groups with the UIDs of group members.
For more information on
binding to a directory
service, see Hummingbird
Directory Services Help.
If the NFS network you are accessing belongs to a directory service domain,
the domain server can function as the authentication repository. On a NIS
server, for example, the passwd.byname and group.bygid maps are
equivalent to the /etc/passwd and /etc/group files. On a NIS+ server, the
passwd table is the equivalent for both. To use a directory service as an
authentication repository, you must first bind to the service.
The actual content of the credentials supplied by the client depends on the
authentication protocol you use to secure the resource.
Note: Authentication does not guarantee access to resources: a
given resource may be authorized for use only by a particular
client or group of clients. Once a client has verified its identity, it
must have the correct authorization to access the resource;
otherwise, its request is denied.
NFS Maestro Client Users Guide
78
AUTH_SYS/AUTH_UNIX Authentication
The AUTH_SYS/AUTH_UNIX protocol is the default authentication
protocol on most UNIX systems. In this protocol, every valid user name has
associated with it a user ID (UID) and one or more group IDs (GIDs).
UNIX systems denote users in terms of UIDs and GIDs; these numeric
codes determine a users access rights to resources and services.
The AUTH_SYS/AUTH_UNIX credentials for a given user consist only of
an identifiera UID and one or more GIDs. The credentials do not include
a password or other form of verifier.
Although AUTH_SYS/AUTH_UNIX credentials do not contain a verifier,
you cannot login to a UNIX host without supplying a user name and
password. The UNIX login process supplies the verification step that the
AUTH_SYS/AUTH_UNIX protocol lacks.
When you use NFS Maestro Client to access remote NFS resources, you
must supply a valid user name and password as if you were logging into the
remote NFS server. NFS Maestro Client lets you specify the authentication
name and password you use for AUTH_SYS/AUTH_UNIX.
AUTH_DH/AUTH_DES Authentication
The AUTH_DH/AUTH_DES protocol provides a more secure means of
communication than AUTH_SYS/AUTH_UNIX. In general, the
communication is between a client and a server over an insecure network.
The basis of AUTH_DH/AUTH_DES is a key (a large number) that is
unique to the client and server and that both parties can generate
independently using information known only to them. Each party uses this
common key to form its credentials for communicating with the other
party. In other words, each party acts as the others authentication agent. A
third party cannot generate the common key for a given client and server
and therefore cannot impersonate either party.
AUTH_DH/AUTH_DES uses Data Encryption Standard (DES) credentials
for authentication. When you send an RPC under this protocol, the
procedure header contains your DES credentials.
The AUTH_DH/AUTH_DES authentication repository is a NIS+ server.
The cred table for a given NIS+ domain stores the information that a given
client and server need in order to form their DES credentials.
Chapter 4: Basic Concepts
79
The cred table also stores the local NFS credentials for user clients.
Although DES credentials are sufficient for authentication, you still need
NFS credentials to connect to an NFS resource. Therefore, when you
configure NFS Maestro Client for AUTH_DH/AUTH_DES, it retrieves your
local and DES credential information from the cred table.
RPCSEC_GSS Authentication
The RPCSEC_GSS authentication protocol provides a secure form of RPC
using a generic security service (GSS). RPCSEC_GSS hides the
implementation details of the security service from the service user.
NFS uses Kerberos version 5 (V5) as the generic security service beneath
RPCSEC_GSS. Therefore, to secure your network transactions using
RPCSEC_GSS, you must install one of the following Kerberos clients:
Hummingbird Connectivity Kerberos client. This client is available as a
free download from the following site:
http://connectivity.hummingbird.com/getkerberos
MIT Windows client for Kerberos V5. For more information on the
MIT Kerberos client, see the following site:
http://web.mit.edu/kerberos/www/
Alternatively, if you are using Windows 2000+, you can use Microsoft SSPI
as the GSS provider.
Supported GSS Providers
NFS Maestro Client supports the following GSS providers:
MIT Kerberos for Windows
Windows SSPI
Connectivity Kerberos
Note: If you have installed both Kerberos clients, NFS Maestro
Client uses the tickets generated by Connectivity Kerberos.
NFS Maestro Client Users Guide
80
Service Types
When you use RPCSEC_GSS authentication, you can select from three
service types:
Kerberos
Kerberos is a security authentication protocol developed at MIT. The
protocol provides a secure means of communication between two parties
across an insecure network. In general, the communication is between a
user and a remote service.
In order to communicate securely, each party proves its identity to the other
using a pair of encrypted credentials that a third party, the Kerberos service,
generates. In effect, each party serves as the others authentication agent.
Only the user, remote service, and Kerberos service know the keys necessary
to decrypt the credentials. The protocol therefore prevents a third party
from impersonating either of the original parties.
RPCSEC_GSS secures the communication channel between NFS Maestro
Client and an NFS server. In order to connect to NFS resources, you must
still supply credentials that authorize you to access those resources. To do
so, you must bind to a NIS/NIS+/LDAP server to retrieve your NFS
credentials. NFS Maestro Client retrieves your NFS credentials based on
your Kerberos principal name.
Service Type Description
None Provides RPC header verification only.
Integrity Service Includes a checksum of the message data in each message
to guard against corruption or tampering. The service also
provides header verification.
Privacy Service Provides header verification and encrypts each message.
Chapter 4: Basic Concepts
81
Kerberos Participants
The Kerberos protocol involves the actions of five participants, as follows:
User The person who initiates communication with a remote service.
Client The software that communicates with the service on behalf of the
user. When you use RPCSEC_GSS with NFS Maestro Client, there are
actually two clients in operation:
the Kerberos client, which retrieves your credentials from the Kerberos
service and sends them to the remote services for authentication
NFS Maestro Client, which communicates with the remote services
once you have been authenticated
Remote Service The service on the remote host that communicates with
the client. NFS Maestro Client, for example, communicates with the
portmapper, nfsd, and mountd services (daemons) on an NFS server.
Kerberos itself is a remote service.
Kerberos Service (or Kerberos) The service that generates the credentials
for the user and the remote service. The server that runs Kerberos is known
as the Kerberos server.
Authentication Database The facility that stores the authentication
information for every principal in the Kerberos realm. Kerberos uses this
information to generate credentials. When you use RPCSEC_GSS with NFS
Maestro Client, there are actually two authentication databases in
operation:
The Kerberos databasealso known as the Key Distribution Centre
(KDC)which is part of the Kerberos service and stores the Kerberos
passwords for all principals.
An NFS authentication database, which stores the authentication
information for NFS clients and servers. The NFS authentication
database must be a NIS or NIS+ server.
NFS Maestro Client Users Guide
82
Authorization
Authorization determines what permissions apply to an authenticated client
for a given resource. Permissions determine the level of access (if any) that a
particular client has to the resource.
When you connect to a filesystem, your access to its resources depends upon
the following:
the NFS credentials you supply during authentication
the UNIX permissions set for the resources
For example, if you supply credentials for a client that has read-only
permission for a given file, then you can examine the file and its attributes,
but you cannot modify or delete it.
You can change the permissions of resources within the connected
filesystem only if either or both of the following conditions is true:
you supply the credentials for the owner of the resource
The root user in UNIX is the
equivalent of the Windows
Administrator.
you supply the credentials for the root user and the NFS server
administrator has granted root access to the filesystem from your
machine
If either condition is true, you can change either the UNIX-style permission
for the resource or its Windows-style Access Control List (ACL).
UNIX Permissions
UNIX systems authorize resource access to clients in terms of Read, Write,
and Execute permissions:
Permission Description
Read Lets clients list the contents of a directory and open and copy
the contents of a file.
Write Lets clients add files to a directory and delete, rename, or
modify a file.
Execute Lets clients access a directory and run a file as a program.
Chapter 4: Basic Concepts
83
For more information on
NFS credentials, see
page 77.
UNIX systems apply each of these three types of permission to three types
of client. The client type that applies to you depends on the credentials you
supply during authentication:
Permission Modes
UNIX represents each type of access as a bit in a 3-bit number. The high bit
defines the Read permission, the middle bit the Write permission, and the
low bit the Execute permission. Here are some examples:
Client Type Description
User Applies to the owner of the resource. If your UID matches the
UID for the owner of the resource, you are granted User
permissions.
Group Applies to any member of the owners primary group (the group
owner). If any of your GIDs match the owners primary GID, you
are granted Group permissions.
Other Applies to all other clients. If your UID and GIDs do not match
the owner or group owner credentials, then you are granted
Other permissions.
Note: The local root user can access any file or directory,
regardless of the permissions assigned to it.
Permission
Bit Value
Read Write Execute Binary Decimal
Execute only 0 0 1 001 1
Read and Write 1 1 0 110 6
Read, Write, and
Execute
1 1 1 111 7
NFS Maestro Client Users Guide
84
For a given resource, the combined 3-bit numbers for User, Group, and
Other form an octal number known as the mode. A file with read-only
permissions for each client type has a mode of 0444. A file with full
permissions for the owner and no permissions for anyone else has a mode
of 0700.
UNIX systems also represent the combined permissions for a resource as a
string that denotes Read, Write, and Execute permissions by the letters r, w,
and x, respectively. A dash denotes no permission. For example, the string
rwxr-x--- describes a resource with full permissions for the owner, Read
and Execute permissions for members of the users group, and no
permissions for everyone else:
NTFS Permissions
For more information on
NTFS permissions, see
Windows Help.
NTFS defines the following set of standard permissions that let you control
access to resources: Full Control, Modify, Read, Read & Execute, Write, and
(for directories only) List Folder Contents. The standard permissions are
actually groupings of other permissionsthe NTFS special permissions.
For example, the standard Read permission encompasses the following
special permissions: List Folder/Read Data, Read Attributes, Read Extended
Attributes, Read Permissions, and Synchronize. You can set the special
permissions directly for a finer degree of control.
The Access Control List (ACL) for a given resource defines how these
permissions apply to clients. The ACL contains an Access Control Entry
(ACE) for each valid user and group that can access the resource. The ACE
specifies what permissions apply to the user or group.
Format Owner Group Other
String rwx r-x ---
Binary 111 101 000
Decimal 7 5 0
Mode 0750
Chapter 4: Basic Concepts
85
For more information on
mapping names, see NFS
Maestro Name Mapping
Server Configuration Help.
The ACL for a given resource applies to Windows users and groups.
Therefore, before you can change the ACL for a shared NFS resource, you
must ensure that the users and groups in the ACL have been mapped to
users and groups in the NFS name space. You can set up these mappings
using NFS Maestro Name Mapping Server Configuration.
Setting ACLs for NFSv4 Resources
The NFSv4 protocol defines a set of permissions that closely resembles the
set of special permissions in NTFS. When you set the ACL for a resource
that has been exported using NFSv4, NFS Maestro Client automatically
converts the requested ACL into an NFSv4 ACL.
Before you set the ACL for an NFSv4 resource, make sure that the mapped
user and group names from the NFS name space contain a DNS domain
(for example, [email protected]).
Full Control Access in NTFS and UNIX
This restriction does not
apply to resources
exported using NFSv4.
In NTFS, if you grant a user or group Full Control access to a resource, that
user or member of that group can change the permissions for the resource.
In UNIX, there is no equivalent to the Full Control permission; only the
owner of a resource and the root user can change the permissions for the
resource. Therefore, mapped clients cannot change the permissions for a
shared resource, even if you have given them Full Control access.
Warning! The Windows group Everyone includes all users and
groups. Permissions for Everyone are not equivalent to Other
permissions in UNIX; they apply to User, Group, and Other. For
example, if you grant read and execute permission to Everyone,
the equivalent UNIX mode is 555, or r-xr-xr-x. Exercise caution
when setting permissions for this group.
NFS Maestro Client Users Guide
86
The Network Component (Hummingbird NFS)
NFS Maestro Client contains a network component, Hummingbird NFS,
that lets you browse NFS hosts using file-browsing applications such as
Windows Explorer. You can also browse for these hosts in the file-browsing
lists in other Windows applications (such as the Browse Hummingbird NFS
Network dialog box in NFS Maestro Client).
The following sections
describe these containers
in more detail.
The network component organizes NFS hosts into three standard
containers:
Configured NFS Hosts
Directory Service Automounts
Directory Service Hosts
You can also add your own containers.
To access the network component:
In Windows Explorer, navigate to Entire Network and expand it. The network
component is labelled Hummingbird NFS.
Configured NFS Hosts Container
For more information on
the Configuration Wizard,
see Setting Initial Values
for Client Properties on
page 126.
The Configured NFS Hosts container lists all NFS hosts stored in the
Registry. This list is created when you install NFS Maestro Client. Using the
NFS Maestro Client Configuration wizard, you can enable a scan of your local
subnet. The scan adds to the list the names of any hosts on the subnet that
are running the nfsd daemon. (The nfsd daemon is a necessary component
of any functional NFS server.)
The Network Component in Windows Explorer
Chapter 4: Basic Concepts
87
You can refresh or edit this list using either of the following tools:
The NFS Share Editor. For more information, see Managing Shares
on page 139.
The NFS Maestro Client extensions for the Windows shell. For more
information, see Creating Custom Containers on page 92.
The NFS Maestro Client console. For more information, see Chapter 7.
Directory Service Automounts Container
For more information on
directory service profiles,
see Hummingbird
Directory Services Help.
The Directory Service Automounts container lists the contents of the NFS
automount master object in the selected directory service in the current
profile (system or user). The name of the master object depends on the
current directory service:
If the current directory service is HCLNFSD/PCNFSD with DNS, the
container does not list any objects.
Typically, the master object stores information about the direct and indirect
automount objects. The automount daemon consults these objects when
resolving and mounting remote file systems. If these objects exist in the
current directory service, the Directory Service Automounts container lists
them as subcontainers.
Directory Service Master Object
NIS auto.master (map)
NIS+ auto_master.org_dir (table)
LDAP (RFC 2307 schema) nismapname=auto_master (container)
Subcontainers
NFS Maestro Client Users Guide
88
Automount Syntax
Automount objects represent resources and other objects as key-value pairs.
For master objects, the key-value pair defines the automount object to
consult when the user accesses the child of a particular parent directory. For
other objects, the key-value pair defines the host and filesystem to be
mounted.
In the following example of an entry in a NIS+ automount table,
/home auto_home
the key is /home and the corresponding value is auto_home. Whenever the
user accesses a directory under /home, the auto_home object supplies the host
and filesystem to be mounted.
In the following example of an entry in the auto_home object,
dan serverx:/export/users/dan
the key is dan and the value is serverx:/export/users/dan. If the user
attempts to access the filesystem /home/dan from any host, the directory that
is actually accessed is /export/users/dan on the host serverx.
If a key-value pair in the
master lists the hosts
object as the value, the
automount daemon can
mount all exported
filesystems for a given
host in the hosts object.
In this example, the automount daemon looks up the parent directory,
/home, in the master object to determine which automount object to consult
(auto_home). The daemon then looks up the key, dan, in the automount
object to determine the actual host and filesystem to mount.
In the Directory Service Automounts container, the name of each
subcontainer corresponds to a key in the master object. You can expand the
subcontainer to see the keys that it stores. Each key in a subcontainer
represents an exported filesystem.
The value associated with the dan key
is an exported filesystem.
The value associated with the home key
is an automount object.
Chapter 4: Basic Concepts
89
The Hosts Object in Automounts
In a directory service, the hosts object associates host names with IP
addresses. Applications query the hosts object to retrieve the IP address for
a given host name (or vice versa). The hosts object can also serve the same
purpose in the automount master. If the master object contains an entry
such as the following,
/map_name -hosts
then the automount daemon consults the hosts object to evaluate any path
beginning with /map_name. When a client attempts to access a filesystem
/map_name/hostname, the automount daemon verifies that hostname is listed
in the hosts object, and, if it is, mounts all exported filesystems on the host.
The hosts object does not appear in the Directory Service Automounts
container. However, if you connect to an NFS resource that contains a
symbolic link to /map_name/hostname/filesystem, you can traverse the
linked filesystem as if you had connected to it directly.
For example, the /export/data directory on the host nfs1 contains a file,
results.doc:
The exported filesystem /users/data on the host nfs2 contains a symbolic
link to /export/data that uses the automount syntax:
Note: The network component does not recognize automount
objects in the master object that are named using a path and file
name. For example, the network component does not recognize
an automount object named /etc/auto_mount. To be available to
the network component, the object must be named as an object.
nfs1$ ls -og /export/data
-rwxrwxrwx 1 9456 Apr 30 11:25 results.doc
nfs2$ ls -og /users/data
lrwxrwxrwx 1 22 Jun 3 12:44 data -> /net/nfs1/export/data
NFS Maestro Client Users Guide
90
For more information on
the nfs link command, see
Connecting from the
Command Line on
page 105.
When you use NFS Maestro Client to connect to /users/data on nfs2, you
can access the document results.doc without creating another connection:
How the Network Component Interprets Automounts
If a resource name specified in an automount object contains an ampersand
character (&), the network component replaces the ampersand with the key
value. For example, in the following entry from an auto.home (NIS) map,
dan myserver:/export/home/&
the key is dan and the value is myserver:/export/home/&. The network
component substitutes the key for the ampersand and displays the exported
resource as myserver:/export/home/dan.
If the key value is an asterisk (*), the network component replaces the
ampersand with your NFS name. For example, in the following entry,
* myserver:/export/home/&
the network component substitutes your NFS name for the ampersand in
the path /export/home/&, and displays the exported resource in a
subcontainer called $user.
Your NFS name is the registered NFS name or, if there is not a registered
name on your system, your Windows logon name. For more information,
see Default Credentials for Connecting on page 104.
C:\> nfs link H: \\nfs2\/users/data
Device H: linked to \\nfs2\/users/data
C:\> H:
H:\> ls -Alg
total 0
lrwxrwxrwx 1 otrellis staff 22 Jun 3 12:44 data
H:\> cd data
H:\data> ls -Alg
total 0
-rwxrwxrwx 1 root root 9456 Apr 30 11:25 results.doc
Chapter 4: Basic Concepts
91
Directory Service Hosts Container
For more information on
directory service profiles,
see Hummingbird
Directory Services Help.
The Directory Service Hosts container lists the hosts stored in the hosts
object for the selected directory service in the current profile (system or
user). The name of the hosts object depends on the current directory service:
The DNS host list is not
related to the host name
lookup setting that you can
configure in Hummingbird
Directory Services.
If the current directory service is HCLNFSD/PCNFSD with DNS, the
container displays the list of hosts supplied by your local DNS server
(provided the DNS administrator has allowed zone transfers).
Listing and Exploring NFS Resources
With the exception of the Directory Service Automounts container, each
container in the network component lists hosts directly. You can expand
each host icon to view the resources that have been exported on that host.
The list of exported resources for each host corresponds to the exports file
on that host (such as /etc/exports or /etc/dfs/dfstab). The network
component automatically assigns a share name to each exported resource.
The share name is an abbreviation of the path of the actual resource. The
actual export path appears in parentheses beside the share name.
Directory Service Hosts Object
NIS hosts.byname (map)
NIS+ hosts.org_dir (table)
LDAP (RFC 2307 schema) ou=Hosts (container)
Host icon
Exported resource
NFS Maestro Client Users Guide
92
For more information on
authentication, see
page 76.
You can explore the listed resources as if you had mapped them as local
drives, as long as your authentication information is valid for each.
To refresh the list of exports for a host:
1 In the container that stores the host, right-click the host.
2 On the pop-up menu that opens, point to NFS Maestro Client; then, click
Refresh Shares.
Creating Custom Containers
The Windows shell is the
interface framework for
applications such as
Windows Explorer.
You can use the NFS Maestro Client extensions of the Windows shell to add
custom containers to the network component.
To create a custom container:
1 In Windows Explorer, navigate to and right-click Hummingbird NFS. On
the pop-up menu that opens, point to NFS Maestro Client; then, click
Add/Remove Containers.
2 In the Add/Remove Containers dialog box, click Add.
3 In the Proper ties dialog box, do the following:
a) In the Name box, type the name of the new container.
b) In the Comment box, type a descriptive comment for the container.
This comment appears when you move the mouse over the
container in Windows Explorer. It also appears in the right pane of
the console.
c) Click OK.
Note:
Whenever you expand a host in a custom container, NFS
Maestro Client automatically adds the host and share
information to the Configured NFS Hosts container.
NFS Maestro Client maintains a single list of NFS shares.
Whatever changes you make to the properties of a given share
apply to all instances of that share in every container.
Chapter 4: Basic Concepts
93
4 In the Add/Remove Containers dialog box, click OK. The new container is
added to the network component and to the node in the console. (Press
F5 to refresh Windows Explorer.)
5 In Windows Explorer, right-click the new container and, on the menu
that opens, point to NFS Maestro Client; then, click Add/Remove Hosts.
6 In the Add/Remove Hosts dialog box, do any of the following to add NFS
hosts to the container:
To specify the NFS hosts directly, type their names in the Enter NFS
Host To Add box. If you specify multiple hosts, separate their names
with spaces. Click Add.
To terminate the server
scan at any time, click
Stop. For more information
about the Find NFS
Servers dialog box, see
NFS Maestro Client Help.
To locate and select NFS hosts on your subnet, click Find. In the Find
NFS Servers dialog box, click Find Now. NFS Maestro Client
broadcasts a message over UDP (the User Datagram Protocol) to
determine which hosts on your local subnet are running the nfsd
daemon. From the list of results, select the server(s) you want to
add to the container; then, click OK.
For more information, see
Importing and Exporting
NFS Host Information on
the following page.
To import NFS host names from a directory service object or from
a local hosts file, click Impor t. In the Impor t Hosts dialog box, select
the source for host information; then, click OK.
7 In the Add/Remove Hosts dialog box, click OK. (Press F5 to refresh
Windows Explorer.)
You can also use the Add/Remove Containers dialog box to edit or delete
existing custom containers. You can edit the Configured NFS Hosts
container, but you cannot delete it.
NFS Maestro Client Users Guide
94
Importing and Exporting NFS Host Information
When you add NFS hosts to a container, you can import the host names
from either of the following sources:
For more information on
binding to a directory
service, see Hummingbird
Directory Services Help.
The hosts object in the currently configured directory service. To
import host information from a directory service, you must bind to the
service using Hummingbird Directory Services.
A local text file. The file must follow the format of the UNIX hosts file
(/etc/hosts on most UNIX systems).
You can also export the host information stored in a container to a text file.
Because the Directory Services Automounts container lists keys rather than
NFS hosts, you cannot export host information from this container.
To import host information into a container:
1 In Windows Explorer, right-click the container. On the menu that
opens, point to NFS Maestro Client, and then click Add/Remove Hosts.
2 In the Add/Remove Hosts dialog box, click Impor t.
3 In the Impor t Method area, do one of the following:
To import host information from the currently configured
directory service, select Directory Service Hosts.
To import host information from a local file, select UNIX hosts
Text File. Then, type the path and name of the file in the Filename
box, or click Browse to locate and select the file from your system.
4 Click OK. The host information is added to the selected container.
(Press F5 to refresh Windows Explorer.)
To export host information from a container:
1 In Windows Explorer, right-click the container that you want to export.
2 On the pop-up menu that opens, point to NFS Maestro Client; then, click
Expor t Hosts.
3 In the Save As dialog box, specify the location and name of the file;
then, click Save.
Chapter 5
Connecting to NFS Resources
Preparing to Connect 97
Verifying Required RPC Daemons 97
Verifying Available Exports 100
Basic Connection Information 101
Specifying Network Paths 101
Specifying Network Paths as Directory Service Queries 102
Default Credentials for Connecting 104
Connecting from the Command Line 105
Connecting from the NFS Maestro Network Access
Dialog Box 106
Editing the Network Path History 108
Specifying Credentials with the Connect As Dialog Box 109
Registering Credentials 110
Connecting from Windows Explorer 111
Disconnecting from Connected Filesystems 112
Remote Printing 113
Connecting to Remote Printers 114
Chapter 5: Connecting to NFS Resources
97
Preparing to Connect
Before you can connect to a remote resource, you need to verify that the
following conditions are true:
the NFS server that exports the resource is running the required
daemons for NFS connections
the resource has been exported and the NFS administrator has granted
access to the filesystem for clients on your machine
Verifying Required RPC Daemons
For more information, see
Daemons Required for
NFS on page 70.
To connect to an exported resource using NFS, the following daemons that
act as Remote Procedure Call (RPC) services must be running on the NFS
server:
portmapper (rpc.bind)
mountd (required only for NFS versions 2 and 3)
hclnfsd or pcnfsd (required only if you are using DNS as your directory
service)
nfsd
nlockmgr
To view the list of daemons running on an NFS host:
For more information, see
The Network Component
(Hummingbird NFS) on
page 86.
1 In Windows Explorer, navigate to the network component
(Hummingbird NFS).
2 Navigate to the NFS host that you want to check.
3 Right-click the host. On the pop-up menu that opens, click Proper ties.
4 In the Proper ties dialog box for the host, click the RPCInfo tab.
As long as the portmapper daemon is running on the NFS host, the
RPCInfo page lists program information for every RPC daemon running
on the host (described below).
NFS Maestro Client Users Guide
98
5 On the RPCInfo page, select Show Only RPC Daemons Required for NFS
Connection. The RPCInfo page then displays the NFS daemons running
on the host. If a required daemon is missing, the Program column lists
(not found).
6 To refresh the list of daemons, click Refresh.
You can also use the Remote Info application and the rpcinfo command to
determine which daemons are running on the NFS server. For more
information on Remote Info and the rpcinfo command, see NFS Maestro
Client Help.
Chapter 5: Connecting to NFS Resources
99
Program Information Available for RPC Daemons
The RPCInfo page displays the program information for each RPC daemon
in the following columns:
If you accessed the RPCInfo page through the network component, the
names in the Service column come from the following sources:
The rpc object in the currently configured directory service (if
available).
The rpc file, which associates program numbers with their service
names. You can edit this file with a text editor (such as Windows
Notepad). The associations recorded in the rpc file take precedence over
the equivalent associations in the rpc object.
The rpc file is located in the installation directory for NFS Maestro Client.
The default location for this directory is as follows:
You can specify a different location when you install the product.
Column Description
Program Displays the hosts identification number for the program or
service provided. This program is a commonly defined RPC
number.
Version Displays the version of the program. It is common to have
multiple versions of the same program running at once.
Port Displays the port number (used by the program) which is
registered on the host. The port is used by both the client and
the host for the connection.
Protocol Indicates which network protocol (TCP or UDP) the program
supports for the connection.
Service Lists the names of the programs or services provided that are
associated with the identification number.
C:\Program Files\Hummingbird\Connectivity\version\NFSClient
NFS Maestro Client Users Guide
100
Verifying Available Exports
NFS administrators can restrict access to exported resources to certain hosts.
Only NFS clients on the specified hosts can access the exported resources.
Therefore, before you try to connect to a resource, you need to verify that it
has been exported and that you can access it from your machine.
To verify the availability of a resource on an NFS host:
For more information, see
The Network Component
(Hummingbird NFS) on
page 86.
1 In Windows Explorer, navigate to the Hummingbird NFS.
2 Navigate to the NFS host that you want to check.
3 Right-click the host. On the pop-up menu that opens, click Proper ties.
4 In the Proper ties dialog box for the host, click the Expor ts tab. The
Expor ts page displays the path, share name, and host access restrictions
for each exported resource on the selected host.
5 To refresh the list of resources, click Refresh.
You can also use the Remote Info application and the exports command to
determine the availability of exported resources on a particular NFS host.
If the Access column lists
(everyone) for a given resource,
clients from any host can connect
to that resource.
If the Access column lists a host,
a set of hosts, or a netgroup, only
those clients from the specified
hosts can access the resource.
Chapter 5: Connecting to NFS Resources
101
Basic Connection Information
Once you have verified that the required daemons and resources are
available on the NFS server, you can connect to the resources. In general,
you need to supply two pieces of information to create a connection:
the network path of the resource
your NFS credentials for authentication
Specifying Network Paths
The network path name for a given resource on a particular server is the
server name followed by the complete path name of the resource. You can
specify the network path using the following format:
\\server\resource
where:
server is the name or IP address of the NFS server.
resource is the absolute path of the resource. resource can be a path in
UNIX syntax or a Uniform Naming Convention (UNC) share name of
the exported resource. resource is case sensitive.
To specify the resource /opt/apps (UNIX syntax) on the NFS server otrellis
(with IP address 123.45.67.89), you could type either of the following:
\\otrellis\/opt/apps
\\123.45.67.89\/opt/apps
The backslashes are necessary to correctly denote the host. To specify the
UNC share Apps on the server orlick, you could type \\orlick\Apps. If the
network path contains spaces, enclose it in quotation marks.
Note: The network component automatically assigns a share
name to every exported resource it records. You can change the
share name for an exported resource using the NFS Share Editor.
NFS Maestro Client Users Guide
102
Specifying Network Paths as Directory Service Queries
For more information on
binding to a service, see
Hummingbird Directory
Services Help.
If you have used Hummingbird Directory Services to bind to a particular
directory service domain, you can query the service to retrieve an NFS
resource name. You include the query as part of the path specification for
the resource. Use any of the following formats:
\\servername\$home
\\$dsobject\$user
\\$dsobject\key
For more information, see
Setting Miscellaneous
Properties on page 130.
The dollar symbol ($) is a special character that indicates to NFS Maestro
Client that the specified path is actually an expression that must be
evaluated. You can change this character using the Hummingbird NFS Maestro
Client Proper ties dialog box.
Specifying Paths Using the $home Format
Use the following format to retrieve the path of your home directory:
\\servername\$home
For more information on
authentication name,
see Default Credentials
for Connecting on
page 104.
where:
servername is the name of a particular NFS server
$home is the literal string as written
NFS Maestro Client queries the appropriate directory service object to
retrieve the name of your home directory; your authentication name is the
search key. For example, the following path specifies your home directory
on an NFS server called otrellis1:
\\otrellis1\$home
Note: To query a NIS+ domain, you must use your user profile in
Hummingbird Directory Services.
Chapter 5: Connecting to NFS Resources
103
Specifying Paths Using the $user Format
Use the following format to retrieve a path from a directory service based
on your authentication name:
\\$dsobject\$user
where:
dsobject is the name of a particular directory service object
$user is the literal string as written
A path specification in this form returns the network path name (including
the server name) of an NFS resourcethe resource that dsobject associates
with your authentication name ($user).
dsobject can be any object that associates user names with fully qualified
resource names. For example, the auto_home.org_dir table in NIS+ stores
the location of the home directories (including server names) for NIS+
users.
If you have selected NIS+ as your directory service, the following path
resolves to the home directory associated with your authentication name:
\\$auto_home.org_dir\$user
The directory service administrator may have also created other objects that
associate user names with resource paths. You can specify any of these as
dsobject.
Specifying Paths Using the Key Format
Use the following format to query a directory service object based on any
key value:
\\$dsobject\key
where:
dsobject is the name of a particular NIS map or NIS+ table
key is the search key
A path specification in this form returns the name of the value in dsobject
that matches key. This format cannot return paths from LDAP objects.
NFS Maestro Client Users Guide
104
dsobject can be any NIS/NIS+ object that associates fully qualified resource
names with key values. For example, an object called appdbthat associates
application paths with certain nicknamesmight have the following
entries:
The first column lists the key (the application nickname); the second
column lists the fully qualified network path name of the application. To
specify the path for the vmaker application, you could type the following:
\\$appdb\vmaker
Default Credentials for Connecting
If you use the AUTH_SYS/AUTH_UNIX protocol for accessing NFS
resources, NFS Maestro Client sends your credentials (user name and
password) to the appropriate authentication agent. NFS Maestro Client
derives your credentials from the following sources (in order):
the name and password you have specified using the Connect As dialog
box or the nfs link command, or, if you have not supplied this
information,
the name and password you have registered using the nfs register
command or the Register button in the Connect As dialog box, or, if you
have not registered any credentials,
your Windows user name and logon password
If your Windows user name and password are not the same as your UNIX
user name and password, or if you do not have a UNIX account, you need
to specify a valid UNIX user name and password using the Connect As
dialog box or the nfs register command.
If you are using Windows Explorer to access an NFS resource, use the
Connect As box in the Map Network Drive dialog box to specify your
credentials.
vxterm otrellis1:/usr/bin/win/vxterm
vmaker otrellis1:/usr/local/bin/vmaker
qview macphel:/usr/bin/qview
Chapter 5: Connecting to NFS Resources
105
Connecting from the Command Line
For more information on
available commands, see
Command Line
Applications on page 5.
You can run most NFS Maestro Client applications from the command line.
Several applications run from the command line only.
To connect from the command line:
1 View the list of exported resources on a given server by typing the
following at the command line:
exports servername
The exports command lists the resources exported on the server
servername.
For more information about
the nfs link command, see
NFS Maestro Client Help.
2 To connect to a resource, type the following at the command line:
nfs link device networkpath [username]
where:
device is the local drive you want to use for the connection (for
example, D:). Type an asterisk (*) to use the next available drive.
For more information, see
Specifying Network
Paths on page 101.
networkpath is the server name and path of the exported resource
(for example, \\nfsserver\/nfs/export). You can specify this
information using any of the supported formats.
For more information, see
Default Credentials for
Connecting on page 104.
username is a valid user name on the server (you are prompted for
your password). This parameter is optional. If you do not supply a
user name, NFS Maestro Client uses your default credentials.
3 If prompted, type your password for the server.
NFS Maestro Client notifies you if the connection is successful. You can
verify the connection by running the nfs use command line application,
which displays the currently connected drives. Alternatively, you can check
the connection in Windows Explorer: it should appear as a mapped drive.
NFS Maestro Client Users Guide
106
Connecting from the NFS Maestro Network Access Dialog Box
For more information of the
features of the NFS
Maestro Network Access
dialog box, see NFS
Maestro Client Help.
The NFS Maestro Network Access dialog box lets you connect to exported
filesystems and set connection parameters.
To connect to using the NFS Maestro Network Access dialog box:
1 On the Windows Star t menu, point to Programs and navigate to
Hummingbird Connectivity.
2 Click NFS Maestro Network Access. The NFS Maestro Network Access
dialog box opens.
If you are using the system profile for NIS+, the Hummingbird
Directory Services application runs keylogin using your Windows user
name and password as NIS+ credentials. If this fails, it tries using your
registered user name and password (if you registered them previously
using the Connect As dialog box or the nfs register command). If this
fails, the NIS+ Keylogin dialog box opens, letting you enter your NIS+
credentials. Once you have supplied your credentials, the NFS Maestro
Network Access dialog box becomes available.
3 In the Drive box, select the drive letter that will act as the local drive.
Chapter 5: Connecting to NFS Resources
107
4 In the Network Path box, specify the filesystem to which you want to
connect. Use any of the following methods:
Type the network path directly. For more information, see
Specifying Network Paths on page 101.
Type the network path as a directory service query. For more
information, see Specifying Network Paths as Directory Service
Queries on page 102.
Click the down arrow beside the Network Path box to select a
previously specified filesystem. For more information, see Editing
the Network Path History on page 108.
Click Browse and use the Browse Hummingbird NFS Network dialog
box to locate and select the filesystem from the network
component. For more information, see The Network Component
(Hummingbird NFS) on page 86.
This option is not available
if you are using
RPCSEC_GSS
authentication.
5 If you want to automatically restore the connection each time you log
onto Windows, select Reconnect At Logon. Your machine remains
connected to the filesystem until specified otherwise. If you do not use
this filesystem often, clear this check box to improve the speed of
Windows startup.
For more information, see
Configuring
Authentication Protocols
on page 134.
6 In the Authentication Type area, specify the authentication you want to
use to connect to the resource. You can select RPCSEC_GSS only if you
have configured a directory service profile. You can select
AUTH_DH/AUTH_DES only if your user profile binds to a NIS+ domain.
For more information, see
Specifying Credentials
with the Connect As Dialog
Box on page 109.
7 If you are using AUTH_SYS/AUTH_UNIX authentication and want to
connect using a different user name, click Different User Name and
specify a user name and password in the Connect As dialog box.
Note: If you registered a user name and password in the Connect
As dialog box, you do not need to specify them again. However, a
particular connection may require a different user name and
password.
NFS Maestro Client Users Guide
108
For more information, see
Setting Properties for
New and Existing
Connections on
page 128.
8 If necessary, you can override the default connection properties set in
the Hummingbird NFS Maestro Client Proper ties dialog box. In the NFS
Maestro Network Access dialog box, click Proper ties to open the NFS
Share/Connection Proper ties dialog box.
9 If you made changes to the NFS Share/Connection Proper ties dialog box,
click OK to return to the NFS Maestro Network Access dialog box.
10 Click Connect to establish the connection.
You can verify that a valid connection was made by checking in Windows
Explorer: the filesystem should appear as a mapped drive.
Editing the Network Path History
Use the Network Path History dialog box to edit the list of filesystems that
appear in the Network Path list in the NFS Maestro Network Access dialog
box.
To edit the Network Path History list:
1 In the NFS Maestro Network Access dialog box, click the ellipsis ()
button.
2 If you want NFS Maestro Client to keep track of connections created
with the NFS Maestro Network Access dialog box, select Add To History.
Chapter 5: Connecting to NFS Resources
109
If you want the history list to only include filesystems that you manually
enter in this dialog box, clear Add To History. The History feature can
remember up to 10 filesystems.
3 Do any of the following:
To manually add a filesystem to the history list, type its full network
path in the Path box and click Add.
To remove a filesystem from the list, select it and click Remove.
To change the order of a filesystem in the list, select it and click Up
or Down. In the Network Path drop-down list in the NFS Maestro
Network Access dialog box, the filesystems are listed in the order
they appear in the Network Path History Editor dialog box.
Specifying Credentials with the Connect As Dialog Box
If your Windows user name and password are not the same as your
AUTH_SYS/AUTH-UNIX credentials for a given NFS server, you must use
the Connect As dialog box to specify the correct credentials. You can also use
the Connect As dialog box to specify the alternative credentials for
AUTH_SYS/AUTH_UNIX authentication.
NFS Maestro Client Users Guide
110
The Connect As dialog box lets you do the following:
Specify the user name and password for the current connection. In the
Current User area, type this information in the User Name and Password
boxes; then, click OK.
Register a user name and password for the current and subsequent NFS
connections that use AUTH_SYS/AUTH_UNIX authentication. You
can register credentials for only the current user (local registration) or
all users on your machine (global registration).
Login to the remote filesystem using the locally or globally registered
user name and password.
Login to the remote filesystem anonymously. In this case, NFS Maestro
Client attempts to connect to the filesystem using the credentials of the
nobody user. Not all exported filesystems support anonymous user
access. To use anonymous credentials, select Anonymous Login; then,
click OK.
Registering Credentials
For information on
registering credentials
using the command line,
see NFS Maestro Client
Help.
If you register your AUTH_SYS/AUTH_UNIX credentials, you do not need
to supply them each time you connect. For a given connection, the
credentials you specify in the Connect As dialog box supersede your
registered credentials. You can register credentials locally or globally.
To register a user name and password:
1 In the Connect As dialog box, select Current User, and type your user
name and password in the appropriate boxes.
2 Click Register.
3 In the Register As dialog box that opens, select the Local User or Global
User option to register the credentials for only the current user or all
users of the machine, respectively. You must have administrative
privileges to register all users.
4 Click OK to close the Register As dialog box. The user name appears in
the Registered User or Globally Registered User area, as appropriate.
5 Click OK in the Connect As dialog box.
Chapter 5: Connecting to NFS Resources
111
To remove registered credentials:
1 In the Connect As dialog box, enable the Registered User or Globally
Registered User area, depending on the type of credentials you want to
delete, and click Reset. The user name is automatically deleted from the
area, and the Current User area enabled.
2 Click OK in the Connect As dialog box.
Connecting from Windows Explorer
If you are using AUTH_SYS/AUTH_UNIX authentication, you can connect
to an NFS resource using Windows Explorer.
To connect to an exported filesystem using Windows Explorer:
1 Open Windows Explorer.
2 Do one of the following:
For more information on
specifying paths, see
page 101.
On the Tools menu, click Map Network Drive. In the Folder box of the
Map Network Drive dialog box, specify the filesystem to which you
want to connect. You can either type the network path directly or
click Browse and use the Browse For Folder dialog box to locate and
select the filesystem.
Navigate to Entire Network and expand it. Expand Hummingbird NFS.
Browse for the server you want to access and double-click it. Right-
click the share name for the filesystem. On the pop-up menu that
opens, click Map Network Drive.
3 In the Map Network Drive dialog box, select the drive you want from the
Drive drop-down list.
4 To connect using a different account, click Different User Name and
specify the connection information in the Connect As box.
5 Click Finish.
If the connection is successful, the filesystem appears in Windows Explorer
as a mapped drive.
NFS Maestro Client Users Guide
112
Disconnecting from Connected Filesystems
You can disconnect from filesystems using the command line, the NFS
Maestro Network Access dialog box, or Windows Explorer.
To disconnect using the command line:
Type the following at the command line:
nfs unlink drive
where drive is the letter of the connected drive. You do not need to include
a colon after the drive letter.
To disconnect using the NFS Maestro Network Access dialog box:
1 In the NFS Maestro Network Access dialog box, click Disconnect.
2 In the Disconnect NFS Network Drive dialog box, select the connections
from the NFS Network Drives list that you want to disconnect.
3 Click OK.
To disconnect using Windows Explorer, do any of the following:
On the Tools menu in Windows Explorer, click Disconnect Network Drive.
From the list of current network drives, select the drives you want to
disconnect and click OK.
In Windows Explorer, right-click the mapped drive you want to
disconnect. On the pop-up menu that opens, click Disconnect.
Note: You cannot use an asterisk wildcard (*) with the nfs unlink
command; you must disconnect from drives one at a time.
Chapter 5: Connecting to NFS Resources
113
Remote Printing
NFS Maestro Client lets you connect remote printer queues to local port
devices. This connection lets you send print jobs to the print device
attached to an NFS server. You must use AUTH_SYS/AUTH_UNIX
authentication to connect to printers.
When you send a file to print on a remote NFS printer, the data is copied to
a staging area (a buffer) on the NFS server. A spooler or daemon on the
server then queues the print job to the predefined printer. The following
diagram illustrates this procedure.
After you connect to a remote NFS printer, you can print files as you
normally would from any application. NFS Maestro Client creates a print
file in the spool directory. NFS Maestro Client uses hclnfsd or pcnfsd to
issue a request to print the file (it may be an lp or lpr command).
The file then prints on the requested printer. If the NFS server is not
running hclnfsd or pcnfsd, the file is spooled locally. The lpr command
sends the file either to the lpd daemon of the remote printer or to the print
queue.
NFS Print Client NFS Print Server Remote Laser Printer
Buffer Area Spool Area
transfer file to
buffer area
transfer file from
spool area
Sends file to print on
remote NFS server
Receives file in buffer, then
spools it
Outputs file
NFS Maestro Client Users Guide
114
For information on the NFS
printer subsystem on the
server, see the server
documentation.
For example, if you connect the remote printer \\sales\laserjet to a
queue name on your computer, all output sent to that print queue redirects
to the printer laserjet on the NFS print server sales. In the case of a queue
on a UNIX computer, the lp or lpr application then prints any file(s) on the
device laserjet.
LPR/LPD Printing versus Printing via NFS
The primary difference between LPR/LPD printing and NFS printing is
how the data transfers from the client computer to the printer or print
server queue.
NFS The NFS clients print job transfers from the client computer to the
server computer by writing an NFS file. hclnfsd or pcnfsd spools the print
job and then forwards it, using the remote-server print program, to the
printer queue on the server. The server daemon, hclnfsd or pcnfsd, is aware
only of print queues on the server.
LPR/LPD An LPR command sends the job using the LPR protocol
directly to the servers printer daemon.
Connecting to Remote Printers
To support print requests from NFS clients, a network printer must be
running hclnfsd, pcnfsd, or lpd.
lpd (line printer daemon) is a server program that allows clients to send files
directly to either the servers printer or a network print queue. Some
network interface cards for printers include an lpd daemon.
You can browse for printers only if the server is running hclnfsd or version 2
of pcnfsd.
To connect to a remote printer:
1 On the Windows Star t menu, point to Settings and then click Printers.
2 Double-click Add Printer. The Add Printer Wizard starts. Click Next.
3 Select Network Printer and click Next.
Chapter 5: Connecting to NFS Resources
115
4 In the Name box, specify the network path of the printer using the
following format:
\\server\queuename
where server is the name of the server to which you want to connect,
and queuename is the name given to the printer on that host (for
example, \\sales\laserjet).
If the printer you select does not have a driver currently installed, you
can select one. For more information on installing network printers, see
your operating system documentation.
5 Click Next.
6 If you want to set the specified printer as the default, select Yes. Click
Next.
7 Click Finish to close the wizard.
Chapter 6
Configuring and Tuning
NFS Maestro Client
NFS Maestro Client Properties 119
Network Properties 120
File Access Properties 123
Character Encoding Properties 125
Setting Initial Values for Client Properties 126
Setting Default Values for Client Properties 127
Setting Properties for New and Existing Connections 128
Setting Miscellaneous Properties 130
Setting Permissions for Shared Resources 133
Configuring Authentication Protocols 134
Configuring AUTH_SYS/AUTH_UNIX 134
Configuring AUTH_DH/AUTH_DES 135
Configuring RPCSEC_GSS 135
Managing Shares 139
Browsing Hosts and Shares with the NFS Share Editor 140
Adding/Removing Host Names and Share Names 141
Editing Share Properties 142
Optimizing NFS Connections 143
Running the NFS Maestro Client Tuner Wizard 144
Chapter 6: Configuring and Tuning NFS Maestro Client
119
NFS Maestro Client Properties
The properties you can set for NFS Maestro Client fall into the following
categories:
Network Properties Determine the packet size, number of parallel
threads, transport protocol, NFS version, and port number in effect for
transactions between NFS Maestro Client and an NFS server.
File Access Properties Determine the permissions, file locking
mechanism, filesystem type, and file name case for resources in a connected
filesystem.
Encoding Properties Determine the character encoding used between
the local and remote hosts.
Authentication Properties Determine which protocol, credentials, and
authentication agent to use for authentication.
You can set default values for these properties using the Hummingbird NFS
Maestro Client Proper ties dialog box. The NFS Maestro Client Configuration
wizard also lets you set initial values for certain properties after installation.
The default values apply to a given connection unless you set specific values
for that connection using one of the following methods:
To set the properties for an existing connection, use the NFS Connection
Proper ties dialog box.
To set the properties for a connection when you establish it, use the NFS
Maestro Network Access dialog box or the nfs link command line
application.
To set the properties for a share in the network component, use the NFS
Share Proper ties dialog box. The specific values for the share take effect
as soon as you connect to the filesystem represented by the share.
Note: NFS Maestro Client maintains a single list of NFS shares in
the network component. Whatever changes you make to the
properties of a given share apply to all instances of that share in
every container in the network component. For more information,
see The Network Component (Hummingbird NFS) on page 86.
NFS Maestro Client Users Guide
120
Network Properties
For a given resource, you can configure the network connection between
NFS Maestro Client and the NFS server that exports the resource. You can
set the following properties:
NFS version
default group
transport protocol
port number
mount type
read/write settings
NFS Version
Use the NFS Version options (V2, V3, and V4) on the Network page to specify
which version of NFS you want NFS Maestro Client to use. Select the Auto
option if you want NFS Maestro Client to determine and match the version
of NFS used by the NFS server.
Default Group
You can specify the group ownership of newly created files and directories
in a connected filesystem by typing the name or GID of the group in the
Default Group box on the Network page. To change the group ownership of a
resource to a particular group, you must be a member of that group and the
owner of the resource.
Transport Protocol
Select TCP on the Network page if you want to connect to the NFS server
using the Transmission Control Protocol (TCP). Select UDP to use the User
Datagram Protocol (UDP). (This is the default option.) If you select TCP
and the NFS host does not support TCP, NFS Maestro Client connects using
UDP instead.
Chapter 6: Configuring and Tuning NFS Maestro Client
121
Port Number
Use the Por t Number box on the Network page to specify the server-side port
number for NFS requests. The port number is part of every packet that NFS
Maestro Client sends to the NFS server. The default number is 2049 (NFS
servers typically listen for transaction requests on port 2049). Some devices,
such as CD jukeboxes, may require a different port number. You can specify
any valid port number between 1 and 65535 that corresponds to the desired
service on the NFS server.
Mount Type
In the Mount Type area of the Network page, select Soft to connect the NFS
resource using a soft mount. A soft mount returns an error if the client is
unable to communicate with the NFS server for a certain periodif, for
example, the server is down or there is a problem with the network. If the
server does not respond within the set time period, NFS Maestro Client
closes the connection. This is the default mount type.
Select Hard in the Mount Type area to connect to the resource using a hard
mount. A hard mount repeatedly attempts to communicate with the NFS
server until the server responds.
Use a hard mount if you need to ensure that all NFS transactions across the
connection proceed to completion. Because a hard-mount connection
never times out, any NFS transaction that is interrupted will be completed
once communication with the NFS server is restored. For the same reason,
however, a hard mount connection requires extra CPU time whenever the
communication with the NFS server fails.
Use a soft mount if the connection is non-critical and you do not want the
connection to tie up CPU time whenever communication with the NFS
server fails.
Read/Write Settings
On the Network page, set the packet size for read and write requests using
the Read Size and Write Size boxes. Set the number of parallel threads for
read and write operations using the Parallel Reads and Parallel Writes boxes.
These boxes initially contain default values.
Packet size and thread number determine how NFS Maestro Client sends
data to (writes) and receives data from (reads) a particular NFS server.
NFS Maestro Client Users Guide
122
Packet Size The amount of data in bytes that NFS Maestro Client reads or
writes in a single transaction with an NFS server. Some network adapters
may have difficulty processing back-to-back packets on a send or receive
transaction. If your machine slows significantly when reading or writing
large files, the packet sizes are too large. Permitted values range from 512 to
65536 (64K) bytes in 512-byte increments.
Number of Parallel Threads The number of program components
(threads) that process a segment of a packet during a single network
transaction. In parallel, the threads operate independently of one another: a
given thread does not need to wait for the results from any other process.
The number of parallel threads you set can improve the speed of the
network transactions between NFS Maestro Client and the NFS server.
NFS Maestro Client sequentially processes large amounts of data (such as
64K) in packets of the specified size by the specified number of threads. For
example, if you configure NFS Maestro Client to read packets of 32K using 6
threads, then a transfer of 64K actually consists of two transfers of 32K, one
after the other; each transfer is processed by 6 parallel threads.
For more information, see
Optimizing NFS
Connections on
page 143.
The NFS Maestro Client Tuner wizard can determine and automatically set the
optimal network properties for transactions between your machine and a
particular NFS server.
Additional Network Properties
The Network page of the Hummingbird NFS Maestro Client Proper ties dialog
box lets you set the following additional network properties, which apply to
all connections.
Read/Write Settings
Number of Retries Specifies the number of times a network request is
retried before returning a timeout error to the operating
system. A typical value is 8. Too high a value can slow
operations. The NFS Maestro Client Tuner wizard
determines and automatically sets the optimal value
for this property.
Chapter 6: Configuring and Tuning NFS Maestro Client
123
File Access Properties
You can set the following properties that control access to resources in a
connected filesystem:
default UNIX-style permissions
default file name case
file locking mechanism
filesystem type
Default UNIX-Style Permissions
For more information on
UNIX permissions, see
page 82.
The default UNIX-style permissions apply to all files and directories that
you create in a connected filesystem. You can set Read, Write, and eXecute
permissions for the owner of the filesystem (User), for members of the
owners primary group (Group), and for everyone else (Other).
Directory permissions apply only to the directory, not to individual files
within it. In the event of a conflict, the directory permissions take
precedence.
To set these permissions, at least one of the following conditions must be
true when you connect:
you have supplied the credentials for the owner of the resource
you have supplied the credentials for the root user and the NFS server
administrator has granted root access for your machine
NFS Version
Force NFSv2 Forces NFS Maestro Client to use NFS version 2 for all
connections. Select this option if the NFS server is
using only NFS Version 2.
Enable NFSv4 Forces NFS Maestro Client to use NFS version 4 for all
connections if NFS version 4 is available on the server.
Use WebNFS Forces NFS Maestro Client to use the Web NFS
protocol for NFS transactions. Select this option if the
server supports Web NFS access.
NFS Maestro Client Users Guide
124
Default File Name Case
Use the Lowercase, Uppercase, or Preserve Case options to set the letter case
for the names of files and directories created in a connected filesystem.
The Lowercase option forces names to be lowercase (a file named File1.TXT
becomes file1.txt). The Uppercase option forces names to be uppercase
(file1.txt becomes FILE1.TXT). The Preserve Case option preserves the
case of names as specified by the client (File1.TxT remains File1.TxT).
Set the case depending on the type of clients that can access the resource:
Select Lowercase if 16-bit clients access files and directories that are also
accessed by UNIX or Windows clients.
Select Uppercase if applications that require uppercase names access the
files and directories.
Select Preserve Case if only case-distinguishing, case-preserving clients
(such as Windows clients) access the files and directories.
File-Locking Mechanism
On Windows and UNIX systems, applications that open or create a file can
restrict concurrent access to that file. An application can prevent (lock
out) other processes from reading the file, writing to it, or both. To avoid
data loss in a multi-user environment, all clients accessing a shared resource
need to use the same file-locking mechanism.
NFS Maestro Client can send its lock requests to either the native lock
manager (rpc.lockd or nlockmgr on most UNIX systems) or the hclnfsd
daemon on the NFS server. All connections to a given server must use the
same file-locking mechanism.
Chapter 6: Configuring and Tuning NFS Maestro Client
125
To send lock requests to the native lock manager on the NFS server, select
UNIX Lock Manager in the Locking area of the File Access page. (This is the
default option.) To send lock requests to the hclnfsd daemon, select
HCLNFSD. To prevent NFS Maestro Client from locking shared resources,
select Disabled.
Filesystem Type
If the NFS resource you want to access is a CD-ROM device, select CD-ROM
on the File Access page to ensure the names of shared resources on remote
CD-ROM devices do not include trailing semicolons and version numbers.
If the resource is not a CD-ROM, select Regular.
The ISOs naming convention for CD-ROM files requires the addition of a
semicolon and a version number at the end of each file name. If you select
CD-ROM, an exported CD-ROM resource called mycdfile.com;1 appears
under the name mycdfile.com. NFS Maestro Client also removes trailing
periods from resource names if you select this option.
By default, the volume label for a share is the resource name on the NFS
server. Some CD-ROM-based applications check for specific volume labels.
To specify a volume label for a share, type the label into the Label box on the
File Access page.
Character Encoding Properties
For more information on
character encoding, see
the Unicode Consortium
web site www.unicode.org.
For a given resource, you can specify any of the following character
encoding to be used between the local and remote hosts:
OEM (Default)This option is enabled by default and assumes that the
codepages on the local and remote systems match or file and/or directory
names consist only of printable ASCII characters between 0-127.
Note: NFS clients that are not compatible with the hclnfsd
daemon use the native lock daemon. The hclnfsd daemon and
the native lock daemon do not communicate with each other.
Therefore, if other NFS clients (such as Macintosh clients) access
the resources you have shared, select the UNIX Lock Manager
option to use the native lock manager on the NFS server.
NFS Maestro Client Users Guide
126
ANSISelect this option to enable ANSI character encoding and to retain
non-ASCII characters in file and/or directory names. ANSI encoding
assumes that the remote NFS server is using the ANSI codepage.
UTF-8 (Default for NFSv4)Select this option to enable UTF-8 character
encoding. UTF-8 encoding allows full representation of the Unicode
character set. It is the default used for NFSv4 (as per the protocol
specification). It is used, for example, to support Chinese characters in
remote file and/or directory names.
Setting Initial Values for Client Properties
For more information on
the wizard, see NFS
Maestro Client Help.
The NFS Maestro Client Configuration wizard lets you set initial values for NFS
Maestro Client properties. The wizard automatically opens the first time
you restart your computer after installing NFS Maestro Client. In addition
to the Welcome screen, the wizard offers the following screens:
Choose Authentication TypeLets you select the initial authentication
protocol.
Configure Directory ServicesLets you configure a directory service for
NFS Maestro Client.
Set Read/Write SettingsLets you set the initial values for network
properties (read/write packet size, number of parallel threads, maximum
outstanding network requests).
Configuration CompleteLets you apply the configuration you have
specified.
If you click Cancel to close the wizard at any time, NFS Maestro Client uses
the default settings (recorded in the Hummingbird NFS Maestro Client
Proper ties dialog box).
To access the wizard after installation:
1 On the Star t menu, point to Programs and navigate to Hummingbird
Connectivity.
2 Point to NFS Maestro Tools and click Client Configuration Wizard.
Chapter 6: Configuring and Tuning NFS Maestro Client
127
Setting Default Values for Client Properties
The Hummingbird NFS Maestro Client Proper ties dialog box lets you set
default values for NFS Maestro Client properties. The dialog box consists of
the following pages:
GeneralLets you set the default authentication protocol and view the
configuration of the current directory service profile.
File AccessLets you set default values for file access properties.
NetworkLets you set default values for network properties.
AdvancedLets you set default values for miscellaneous properties.
EncodingLets you set default settings for character encoding.
You can access the NFS Maestro Client Properties dialog box by doing the
following:
1 Open Network And Dialup Connections in the Control Panel.
2 Right-click Local Area Networks and click Proper ties.
3 Select Hummingbird NFS Maestro Client and click Proper ties.
NFS Maestro Client Users Guide
128
Setting Properties for New and Existing Connections
To set client properties for an existing connection, use the NFS Connection
Proper ties dialog box.
To set client properties for a new connection, use the NFS Share Proper ties
dialog box (accessed from the NFS Maestro Network Access dialog box). You
can also use the NFS Share Proper ties dialog box to set the properties for a
share in the network component. The specific values for the share take
effect as soon as you connect to the filesystem represented by the share.
For more information on
these dialog boxes, see
NFS Maestro Client Help.
Both dialog boxes contain the following pages:
NetworkLets you set default values for network properties.
File AccessLets you set default values for file access properties.
EncodingLets you set character encoding used between local and remote
hosts.
If you open the NFS Share Proper ties dialog box from the NFS Share Editor
or the NFS Maestro Client console, you can also access the following page:
GeneralLets you specify the share name, remote filesystem, and
authentication protocol for a new connection.
Chapter 6: Configuring and Tuning NFS Maestro Client
129
The procedure for opening the dialog box depends on whether you want to
set the properties for a new or existing connection or for a share.
To set properties for an existing connection, do one of the following:
In the NFS Maestro Network Access dialog box, select the connection
from the Network Path box. Click Proper ties.
In Windows Explorer, right-click the connected drive. On the pop-up
menu that opens, click Proper ties. On the NFS Proper ties page, click
Advanced.
To set properties for a new connection:
In the NFS Maestro Network Access dialog box, create a new connection;
then, click Proper ties. For more information, see Connecting from the NFS
Maestro Network Access Dialog Box on page 106.
To set properties for a share in the network component:
1 In Windows Explorer, navigate to Entire Network and expand it. The
network component is labelled Hummingbird NFS.
2 Expand the Hummingbird NFS folder.
3 Using the containers of the network component, browse for the server
you want to access and double-click it.
4 Right-click the share name for the filesystem. On the pop-up menu that
opens, click Proper ties.
To set properties for a share in the NFS Share Editor:
In the NFS Share Editor, select a host or a share and click Add Share or Edit
Share. For more information, see Adding/Removing Host Names and
Share Names on page 141.
NFS Maestro Client Users Guide
130
Setting Miscellaneous Properties
Use the Advanced page of the Hummingbird NFS Maestro Client Proper ties
dialog box to set miscellaneous client properties. These properties apply to
all connections.
Timeouts
Filename Cache Specifies the minimum interval before the client
updates its cache of file-name information.
File Attribute Cache Specifies the minimum interval before the client
updates its cache of file-attribute information.
RPC Requests Specifies the minimum interval before the client sends
another RPC request. If the network is slow, consider
increasing this value.
Chapter 6: Configuring and Tuning NFS Maestro Client
131
The Timeout properties let you specify the interval that NFS Maestro Client
waits before updating its cache of file name and attribute information. To
determine whether cached information has changed, NFS Maestro Client
repeatedly sends a network request to the NFS server, according to the
interval you have set.
Warning! Avoid modifying default timeout values for the file name
and file attributes unless you are directed to change them by
Hummingbird Technical Support or to resolve specific problems.
Contact Technical Support for more information.
Special Filename Characters
UNIX Hidden Chars
Specifies which characters at the beginning of a file
name denote hidden files in an exported filesystem.
Files beginning with any of the specified characters are
marked as hidden for PC clients. You can type up to 16
characters. The default character for UNIX is the period
(.login is considered a hidden file in UNIX).
Substitution Indicator Specifies which character is the substitution indicator
in network paths. The substitution indicator precedes
the special user or home variables or the name of a
directory service object. For more information, see
Specifying Network Paths as Directory Service
Queries on page 102.
Note: To specify default character encoding for NFS Maestro
Client, such as ANSI encoding, use the Encoding page of the NFS
Shared/Connection Properties dialog box or the NFS Maestro
Client Properties dialog box instead. For more information, see
Character Encoding Properties on page 125.
Miscellaneous
Ignore Execute Bit Forces NFS Maestro Client to ignore the state of the
execute bit for files in an exported filesystem. This
option lets PC clients execute files whether or not the
execute bit is set.
NFS Maestro Client Users Guide
132
Display Recursive
Symbolic Links
Displays looped symbolic links. If you select this
option, you cannot run the ls command line
application on a looped symbolic link, and you cannot
check the properties of a looped symbolic link. For
more information, see File Locking vs. Record
Locking on page 72.
Process Pre-Op
Attributes
Forces NFS Maestro Client to read operation attributes
for a directory and compare them with the attributes
cached on your system before completing the
operation. If the operation attributes differ from the
cached attributes, NFS Maestro Client caches the new
attributes.
If you are running NFS Maestro Client in Windows
2000/XP, select this option to improve NFS operations
involving directories that have a large number of files
(for example, more than 5000).
Enable Root Access For shared files, grants owner permissions to NFS
clients that supply a UID of 0.
Exact Filename
Matching
Forces NFS Maestro Client to perform a case-sensitive
match when searching for requested files during an
NFS transaction. Selecting this option can improve the
performance of file access.
If you do not enable this option, and there is no
case-sensitive match between the names of requested
files and the names of files in the exported filesystem,
NFS Maestro Client attempts to access files that have
the same names as the requested files but different
letter casean operation which can impede the
performance of the transaction.
Miscellaneous
Chapter 6: Configuring and Tuning NFS Maestro Client
133
Setting Permissions for Shared Resources
For more information on
permission styles, see
UNIX Permissions on
page 82 and NTFS
Permissions on page 84.
Providing you have the correct permissions for a shared filesystem, you can
change the permissions of files and directories within that filesystem. Using
the Windows shell, you can either change the UNIX-style permissions or
the NTFS-style Access Control List (ACL) for the shared resources. The
Windows shell is the interface framework for applications such as Windows
Explorer.
For NFS resources, directory permissions apply only to the directory, not to
individual files within it. In the event of a conflict, the directory permissions
take precedence. For NTFS resources, directory permissions can propagate
to child files and directories. See Windows Help for more information on
NTFS permissions.
To set permissions for a shared resource:
1 In Windows Explorer, right-click the resource. On the pop-up menu
that opens, click Proper ties.
2 In the Proper ties dialog box for the resource, do one of the following:
Click the Security tab. On the Security page, set the ACL for the
resource. Consult your Windows documentation for more
information.
For more information, see
Setting Properties for
New and Existing
Connections on
page 128.
Click the NFS Proper ties tab. On the NFS Proper ties page, set the
UNIX-style permissions for the resource. You can also set the
UNIX-style permissions for shared resources using the NFS
Connection Proper ties dialog box.
3 In the Proper ties dialog box, click OK.
You can also use the chmod command line application to change resource
permissions in a connected filesystem.
Note: If the filesystem has been exported with NFS versions 2
or 3, you can set Read, Write, and Execute permissions only.
NFS Maestro Client Users Guide
134
Configuring Authentication Protocols
For more information on
supported protocols, see
page 76.
The authentication properties you can set depend on the protocol you
select. NFS Maestro Client supports the following protocols:
AUTH_SYS/AUTH_UNIX
AUTH_DH/AUTH_DES
RPCSEC_GSS
Configuring AUTH_SYS/AUTH_UNIX
For more information on
hclnfsd and pcnfsd, see
Daemons Required for
NFS on page 70.
By default, NFS Maestro Client requests AUTH_SYS/AUTH_UNIX
authentication from the hclnfsd daemon on the NFS server you are trying
to access. If that daemon is not available, NFS Maestro Client tries the
pcnfsd daemon. If no authentication daemons are available on the NFS
server, NFS Maestro Client requests authentication from the hclnfsd
daemon (or if it is unavailable, the pcnfsd daemon) on the default
authentication server (if you have specified one).
You can use Hummingbird Directory Services to change the query order for
authentication agents and set a default authentication server. For more
information, see Hummingbird Directory Services Help.
To use AUTH_SYS/AUTH_UNIX as your authentication protocol:
For more information on
opening the Hummingbird
NFS Maestro Client
Properties box, see
Setting Default Values for
Client Properties on
page 127.
1 Open the Hummingbird NFS Maestro Client Proper ties dialog box. The
General page is selected by default.
2 In the Default Authentication Type area, select AUTH_SYS/AUTH_UNIX.
3 Click OK. The Hummingbird NFS Maestro Client Proper ties dialog box
closes. NFS Maestro Client is configured for AUTH_SYS/AUTH_UNIX
authentication.
When you next open the NFS Maestro Network Access dialog box, the
AUTH_SYS/AUTH_UNIX option is selected. Use the Connect As dialog box or
the nfs register command to specify your UNIX login information.
Chapter 6: Configuring and Tuning NFS Maestro Client
135
Configuring AUTH_DH/AUTH_DES
You can configure AUTH_DH/AUTH_DES in the Hummingbird NFS Maestro
Client Proper ties dialog box.
To use AUTH_DH/AUTH_DES as your authentication protocol:
For more information on
binding to a NIS+ server,
see Hummingbird
Directory Services Help.
1 Bind to the NIS+ server that operates as the authentication database for
the NFS network. To be able to access NFS resources, you must use your
user profile. If you cannot use your user profile, the NIS+ Keylogin
dialog box opens to let you enter your NIS+ credentials when you are
trying to connect.
2 Open the Hummingbird NFS Maestro Client Proper ties dialog box. The
General page is selected by default.
3 In the Default Authentication Type area, select AUTH_DH/AUTH_DES.
4 Click OK. The Hummingbird NFS Maestro Client Proper ties dialog box
closes. NFS Maestro Client is configured for AUTH_DH/AUTH_DES
authentication.
5 Click OK.
When you next open the NFS Maestro Network Access dialog box, the
AUTH_DH/AUTH_DES option is selected.
Configuring RPCSEC_GSS
For more information on
supported clients, see
RPCSEC_GSS
Authentication on
page 79.
Before you can use RPCSEC_GSS as your authentication protocol, you need
to download and install on your machine one of the following Windows
clients for Kerberos:
Hummingbird Connectivity Kerberos client
MIT Windows client for Kerberos V5
Once you have installed the client, you need to configure it for your
Kerberos realm.
Note: If you are attempting to connect to NFS resources using
AUTH_DH/AUTH_DES, those resources must be exported with
the AUTH_DH/AUTH_DES option. See NFS Export Options for
Authentication Protocols on page 272 for more information.
NFS Maestro Client Users Guide
136
Alternatively, if you are running Windows 2000/XP/Server 2003, you can
use Microsoft SSPI as the GSS provider. For more information about
configuring Microsoft SSPI, see the following white papers on the Microsoft
web site (www.microsoft.com):
Windows 2000 Kerberos Authentication
Step-by-Step Guide to Kerberos (krb5 1.0) Interoperability
To use RPCSEC_GSS as your authentication protocol:
1 If you are using Kerberos as your GSS provider, do the following:
For more information, see
Configuring the Kerberos
Client below.
a) Configure the Kerberos client for the desired Kerberos realm (if you
have not already done so).
b) Retrieve or renew your ticket for using the Kerberos service. For
more information, see Retrieving a Ticket-Granting Ticket below.
For more information on
binding to a directory
service, see Hummingbird
Directory Services Help.
c) Using Hummingbird Directory Services, bind your machine to the
NIS or NIS+ server that acts as the NFS authentication database.
Use your user profile. NFS Maestro Client uses the Kerberos
principal name you specify in step (a) to retrieve your
AUTH_SYS/AUTH_UNIX credentials.
2 Open the Hummingbird NFS Maestro Client Proper ties dialog box. The
General page is selected by default.
3 In the Default Authentication Type area, select RPCSEC_GSS and click
Proper ties. The RPCSEC_GSS Authentication Proper ties dialog box opens.
4 Do one of the following:
To use the installed Kerberos client as your GSS provider, select MIT
Kerberos for Windows. NFS Maestro Client uses whichever client
you have installed. If you have installed both Kerberos clients, NFS
Maestro Client uses the tickets generated by Connectivity Kerberos.
To use Microsoft SSPI as your GSS provider, select Microsoft SSPI.
This option takes effect only after you have restarted your system.
For more information on
service types, see
page 80.
5 Select the option button (None, Integrity, or Privacy) that corresponds to
the service type you want to use. Click OK. The dialog box closes.
Chapter 6: Configuring and Tuning NFS Maestro Client
137
6 Click OK to close the Hummingbird NFS Maestro Client Proper ties box and
apply your settings.
7 If you selected Microsoft SSPI as your GSS provider in step 3, restart
your system.
When you next open the NFS Maestro Network Access dialog box to connect
to a resource, the RPCSEC_GSS option is selected.
Configuring the Kerberos Client
The NFS Maestro Client implementation of RPCSEC_GSS supports the
default configuration of the Kerberos V5. If you change any of the default
settings of the Kerberos client, NFS Maestro Client may be unable to
connect to a resource using RPCSEC_GSS.
To configure the client for a particular Kerberos realm:
1 Open the client interface application.
2 Map the name of the realm to one or more Kerberos servers in the realm.
3 Map the name of the realm to the DNS domain that the realm protects.
If a protected host has the same name as the domain, map the realm to
the host name as well.
4 Specify the lifetime of your tickets (in minutes).
5 Specify the time server. This may be a Kerberos server or a dedicated
time server on the network.
6 Apply your settings.
After you have configured the client, you can retrieve the ticket for secure
communication with the Kerberos service itself (the ticket-granting ticket).
Note: If you are attempting to connect to NFS resources using the
Kerberos protocol for security, those resources must be exported
with a Kerberos export option. For more information, see NFS
Export Options for Authentication Protocols on page 272.
NFS Maestro Client Users Guide
138
Retrieving a Ticket-Granting Ticket
For the purposes of secure communication, the Kerberos service is the same
as any other service on a remote server: you must supply a ticket and
authenticator to Kerberos before you can request a ticket for any other
service.
The ticket you use to authenticate yourself to Kerberos is in effect a
ticket-granting ticket. You use this ticket for all subsequent communication
with Kerberos (for the duration of the ticket).
To retrieve a ticket-granting ticket for a particular realm:
1 Open the client interface application.
2 Select the realm.
3 Synchronize the time on your machine with the time server.
4 Get the ticket-granting ticket. You will need to specify your Kerberos
principal name and the password for that principal (stored in the
authentication database).
The Kerberos client saves the returned ticket and session key to RAM. You
will need to renew your ticket using the Kerberos client if you restart your
machine or if the ticket expires.
If the ticket expires during a connection, you can renew it without having to
re-establish the connection. NFS Maestro Client informs you if your ticket
has expired.
Chapter 6: Configuring and Tuning NFS Maestro Client
139
Managing Shares
The NFS Share Editor lets you configure shares in the Configured NFS
Hosts container of the network component. When you save any changes in
NFS Share Editor, the changes are saved in the system registry.
A share is an alias for an exported filesystem path. Using share names
simplifies the NFS connection process. Instead of specifying the entire path,
you need to specify only the host name and the filesystem share name.
Use the NFS Share Editor to do any of the following:
browse existing hosts and shares stored in the Configured NFS Hosts
container
add/remove host or share names
edit share properties
For more information, see
Optimizing NFS
Connections on
page 143.
run the NFS Maestro Client Tuner wizard
To open the NFS Share Editor:
1 On the Windows Star t menu, point to Programs and navigate to
Hummingbird Connectivity.
2 Point to NFS Maestro Tools, and then click NFS Share Editor.
NFS Maestro Client Users Guide
140
Browsing Hosts and Shares with the NFS Share Editor
The NFS Share Editor lets you browse network NFS hosts and their shares.
You can refresh the list of hosts displayed in the NFS Share Editor; during a
refresh, the NFS Maestro Share Editor queries your subnet for NFS hosts
and displays them in an expandable and collapsible list. If the main window
of the NFS Share Editor is initially empty when you launch the application,
you are prompted to start a subnet query (via a network broadcast).
Nested beneath each host, the NFS Share Editor lists the share names that
represent an exported filesystem on that host.
To update and use the list of hosts:
1 On the Edit menu (or the toolbar), click Refresh Host List.
The NFS Share Editor queries the local subnet for all NFS hosts and
displays the results.
2 Scroll through the list of hosts to find the one you want.
3 Double-click the host name (or click the collapse/expand icon to the left
of the name) to view the share names for that host.
To update and use the list of shares:
1 Select a host.
2 On the Edit menu, click Refresh Host Shares.
3 Double-click the share name to view properties for that share in the NFS
Share Proper ties dialog box.
Chapter 6: Configuring and Tuning NFS Maestro Client
141
Adding/Removing Host Names and Share Names
The NFS Share Editor lets you add or remove host names and share names.
When you add a host name, make sure that the name accurately reflects the
hosts actual network name.
To add a host name:
1 On the Edit menu (or on the toolbar), click Add Host.
2 Beside the new icon created in the list, type a name for the host and
press Enter.
After you press Enter, the NFS Share Editor places the host in the
correct alphabetical location.
To add a share name:
1 Select the host on which you want to create the share.
2 On the Edit menu (or on the toolbar), click Add Share. The NFS Share
Proper ties dialog box opens.
NFS Maestro Client Users Guide
142
3 On the General page, do the following:
a) In the Share Name box, type a name to represent the exported
filesystem.
For more information, see
Specifying Network
Paths on page 101.
b) In the Expor ted File System box, specify the path to the exported
filesystem. You can specify the path directly or as a directory service
query.
For more information about
authentication protocols,
see page 76.
c) In the Authentication Type area, specify an authentication protocol to
use for the connection.
For more information, see
Setting Properties for
New and Existing
Connections on
page 128.
4 On the Network and File Access pages, specify the appropriate settings
for the share.
To remove a host or share:
1 Select the host or share.
2 On the Edit menu (or the toolbar), click either Delete Host or Delete
Share.
Editing Share Properties
You can edit the properties for specific shares using the NFS Share Editor.
Changes made to the properties for a share affect only connections made
after the changes.
To edit a share name and other share properties:
1 Select the share.
2 On the Edit menu (or the toolbar), click Edit Share. The NFS Share
Proper ties dialog box opens.
3 On the three pages of the dialog box, change the settings as needed.
Chapter 6: Configuring and Tuning NFS Maestro Client
143
Optimizing NFS Connections
The NFS Maestro Client Tuner wizard is a diagnostic tool that determines
optimal network settings for connections to a given filesystem. The wizard
runs a two-part test against the specified filesystem:
Read Test The wizard creates a file on the filesystem (called
nfstest_machine.dat by default, where machine is the name of your
machine) and determines the optimal read settings for the file.
Write Test The wizard writes to a new file on the filesystem and
determines the optimal write settings. The write test is optional, and you
can disable it before beginning the test process. If you disable it, the tuning
process takes less time, but the write settings may not be optimal.
You must have write permissions for the specified filesystem. The wizard
deletes the test file after the test is completed.
You can run only one
instance of the wizard at a
time.
For both parts of the test, the wizard starts with one thread and ends with
eight threads while varying the read and write size. As the program runs, a
graphical display indicates the block size and number of threads being
tested.
When the test is completed, a screen shows the optimal read and write size
and thread combinations. You can view the statistics of the test in numerical
format or graph format (2D or 3D). Position the mouse pointer on any
portion of the graphs to view an explanatory pop-up.
You can save the optimal settings as defaults, either for all connections or
for only the specified one.
NFS Maestro Client Users Guide
144
Running the NFS Maestro Client Tuner Wizard
You can start the NFS Maestro Client Tuner wizard at any time using any of
the following methods:
On the Windows Star t menu, point to Programs and navigate to
Hummingbird Connectivity. Point to NFS Maestro Tools, and click Click
Client Tuner.
In the NFS Share Editor, select the share you want to tune; then, click
Tune Share.
For more information, see
The Network Component
(Hummingbird NFS) on
page 86.
In the network component, navigate to the host that contains the share
you want to tune; then, expand the host. Right-click the share. On the
pop-up menu that opens, point to NFS Maestro Client; then, click Tune
Share.
The settings displayed by the NFS Maestro Client Tuner wizard are the optimal
values for the client when the wizard and the client run under specific
conditions. Run the wizard when network activity is at its peak. If activity
increases, consider running the application again to optimize values. Such
values work well under the worst conditions.
The first screen of the NFS Maestro Client Tuner wizard identifies the purpose
of the wizard. Click Next to begin the configuration process.
You can click Star t on any screen except the first one to start the
optimization test. If you click Star t before you have completed the wizard,
the wizard uses the settings you have configured to that point plus the
default settings on any remaining screens.
Warning! When you start the test, the NFS Maestro Client Tuner
wizard transfers large amounts of data over the network, which
may slow network activity. Do not run any other applications while
the wizard is running.
Chapter 7
Configuring NFS Maestro Client
Through the Console
NFS Maestro Consoles 147
The Console Interface 147
Opening NFS Maestro Consoles 148
Configuring NFS Maestro Products Remotely 150
Applying Configurations to Multiple Machines 151
The NFS Maestro Client Console 152
Chapter 7: Configuring NFS Maestro Client Through the Console
147
NFS Maestro Consoles
The Microsoft Management Console (MMC) is a tool that lets
Administrators manage various system and network components. The
console is actually a set of other tools, called snap-ins, that the console
collects in a central access point. Each snap-in is an administrative interface,
or console, for a given system or network component.
The NFS Administration
feature is installed by
default.
Hummingbird provides MMC snap-ins for NFS Maestro products. If you
are an Administrator on your machine and you have installed the NFS
Administration feature, you can use a console to configure NFS Maestro
products.
MMC lets you open multiple instances of each product snap-in; each
snap-in can apply to a different machine on the network, so that you can
configure remote versions of the product from a single console. For
Hummingbird Directory Services and NFS Maestro Client, you can also
apply a given console configuration to multiple machines simultaneously.
The NFS Maestro snap-ins require MMC version 1.2 or later. The latest
version of MMC ships automatically with Windows 2000/XP and Windows
Server 2000/2003.
For more information on downloading these components, visit the
following site:
http://www.microsoft.com/downloads
The Console Interface
The left pane of an NFS Maestro console is a tree structure. Each first-level
node in this tree corresponds to an NFS Maestro snap-in that you have
added to the tree.
NFS Maestro Client Users Guide
148
You can add multiple snap-ins to a given console, and you can configure the
corresponding node for each snap-in to target either the local or a remote
machine. As a result, you can configure multiple NFS Maestro products on
multiple machines from a single console.
When you expand a product node in the tree, the subnodes correspond to
the program components that you can configure. The depth of a given
subtree depends on the product.
When you click on any node at any level in the tree, the contents of the node
appear in the right pane of the console.
Opening NFS Maestro Consoles
To configure an NFS Maestro product through MMC, you can add the
product snap-in to a new or existing console. You can add any number of
NFS Maestro snap-ins to a console and save the console to a file (.msc) for
later use. Hummingbird also provides a dedicated console for each product,
called the Console window, which you can access from the Star t menu.
Note: You cannot add snap-ins to the Console windows.
Chapter 7: Configuring NFS Maestro Client Through the Console
149
To open an NFS Maestro console in MMC:
1 Open the console by doing one of the following:
At the command line, type mmc.
On the Star t menu, click Run. In the Run dialog box, type mmc, and
then click OK.
2 To open an existing NFS Maestro console, click Open on the Console
menu. In the Open dialog box, navigate to and select the .msc file you
want to open.
3 To add an NFS Maestro snap-in to the current console, do the
following:
a) On the Console menu, click Add/Remove Snap-In.
b) In the Add/Remove Snap-In dialog box, click Add.
c) In the Add Standalone Snap-In dialog box, select the NFS Maestro
products you want to add to the current console. Click Add.
For more information on
configuring remote
machines, see page 150.
d) In the Select Computer dialog box, specify whether you want the
snap-in to control the local machine or a remote machine. Click
Finish.
e) Repeat steps cd as necessary (a console can contain multiple
snap-ins). In the Add Standalone Snap-In dialog box, click Close.
f) In the Add/Remove Snap-In dialog box, click OK.
For information on adding snap-ins and opening/saving console files
within the console, see MMC Help.
To open an NFS Maestro Console window:
1 On the Windows Star t menu, point to Programs and then navigate to
Hummingbird Connectivity.
2 Point to NFS Maestro Tools, and then click the console that you want to
open.
NFS Maestro Client Users Guide
150
Configuring NFS Maestro Products Remotely
The MMC snap-ins for NFS Maestro let Administrators configure remote
instances of NFS Maestro products. Each console or snap-in within a
console can connect to a different machine.
You do not need to specify
credentials if you are a
domain Administrator and
the remote machine
belongs to the domain.
Because the Administrator account on the remote machine may have
different credentials than your local Administrator account, you can specify
different credentials for the connection; the console configures the remote
machine as the specified user.
To configure an NFS Maestro product remotely:
1 Open the Select Computer dialog box by doing the following:
a) In the left pane of the current console, right-click the NFS Maestro
product that you want to configure.
b) On the menu that opens, click Connect to Another Computer.
The Select Computer dialog box also opens whenever you add an NFS
Maestro snap-in to a console.
2 In the dialog box, select Another Computer and then do one of the
following:
Type the host name or IP address of the remote machine in the box.
Click Browse. In the Browse for Computer dialog box, browse the
network and select the remote machine.
3 Specify Administrator credentials for the remote machine, if necessary:
a) Click Change.
b) In the Connect As dialog box, clear Connect as Current User, and then
specify the user name and password for the remote Administrator.
c) Click OK.
As a security precaution,
credential information is
not saved to the file by
default.
d) In the Select Computer dialog box, select Save Credentials To Console
File if you want the specified credentials saved with .msc file for the
console. If you do not save the credentials with the file, you need to
specify them each time you open the console.
4 Click Finish.
Chapter 7: Configuring NFS Maestro Client Through the Console
151
Applying Configurations to Multiple Machines
In Hummingbird Directory Services and NFS Maestro Client, you can apply
a given console configuration to multiple remote machines.
To configure remote machines, either of the following conditions must be
true:
you are a domain Administrator and each machine belongs to the
domain
your Windows account credentials match the credentials of the
Administrator for each machine (or the credentials for a member of the
Administrators group on each machine)
To configure multiple remote machines:
1 Open the Select Computers dialog box by doing the following:
a) In the left pane of the current console, right-click the NFS Maestro
product that you want to configure.
b) On the menu that opens, click Apply to Other Computers.
2 Specify the machines you want to configure by doing any of the
following:
To specify a machine explicitly, type its name or IP address in the
Enter Hosts to Configure box, and then click Add.
To specify all available machines that are part of the same domain
or workgroup as your local machine, click Populate. If the host list
contains any machines that you do not want to configure, select the
machines and then click Remove.
3 Click OK.
NFS Maestro Client Users Guide
152
The NFS Maestro Client Console
The NFS Maestro Client console provides a single access point for
configuring client properties and shares in the network component. The
console tree consists of the following nodes:
NFS Maestro Client NodeRepresents a local or remote instance of the
product. When you select this node, the right pane of the console lists the
containers configured for the product.
To set default client properties for the product, select this node and click
the Properties button.
To add or remove a custom container from the product, select this node
and click the Add/Remove Container button.
Container NodeRepresents a container in the network component
(either a custom container or the Configured NFS Hosts container). When
you select this node, the right pane of the console lists the hosts that are
stored in the container.
To view or modify the properties of a custom container, select its node
and click the Properties button.
To add or remove hosts from a container, select its node and click the
Add/Remove Hosts button.
Host NodeRepresents a host in a container. When you select this node,
the right pane of the console lists the shares configured for the host.
To add a share to a host, select its node in the Configured NFS Hosts
container and then click the Add Shares button.
To refresh the shares for a host, select its node in the Configured NFS
hosts container and then click the Refresh Shares button.
To view a summary of NFS information about a host, such as the
daemons running on the host and its exported filesystems and printers,
select the node for the host and then click the Properties button.
Share NodeRepresents a share in a host. You can view shares only for
hosts in the Configured NFS Hosts container.
To view or modify the properties of a share, select its node and then click
the Properties button.
To tune a share, select its node and click the Load NFS Tuner button.
Note: You can tune shares only when configuring the local machine.
Chapter 7: Configuring NFS Maestro Client Through the Console
153
Console Buttons
Properties ButtonOpens a dialog box that configures the properties of
the selected node.
Refresh ButtonRefreshes the contents of the selected node. Click this
button to update the console listing for a container whenever you change
the container using the NFS Share Editor or the Windows shell.
Delete ButtonDeletes the selected container, host, or share node. You
cannot delete the Configured NFS Hosts container node.
Add/Remove Containers ButtonOpens the Add/Remove Containers
dialog box, which lets you add containers to or remove containers from
the network component.
Add/Remove Hosts ButtonOpens the Add/Remove NFS Hosts dialog
box, which lets you add hosts to or remove hosts from the selected
container.
Add Share ButtonOpens the NFS Share Properties dialog box, which
lets you create and set the properties for a new share.
Refresh Host Shares ButtonRefreshes the list of shares in the right
pane of the console for the host selected in the left pane.
Load NFS Tuner ButtonOpens the NFS Maestro Client Tuner wizard for
the selected share. This button is not available when you are configuring
remote versions of NFS Maestro Client.
Chapter 8
NFS Maestro Name Mapping Server
Introducing NFS Maestro Name Mapping Server 157
Name Mapping Options 158
The NFS Maestro Name Mapping Server Console 159
Opening NFS Maestro Name Mapping Server Configuration 159
Running the Server in a Cluster Environment 161
Basic Concepts 161
The NFS Name Space 161
Primary and Secondary Mappings 162
Name Mapping for NFS Maestro Gateway 164
Name Mapping for NFS Maestro Server 164
Name Mapping for NFS Maestro Client 165
Retrieving Password and Group Files 165
Specifying the NFS Name Space 167
Specifying Mapping Styles 167
Mapping User and Group Names Automatically 168
Mapping User and Group Names Manually 172
Specifying Default Mappings 176
Unmapped Windows Names 176
Unmapped NFS Names 177
Exporting and Importing Name Mappings 179
Synchronizing Name Mappings 181
Chapter 8: NFS Maestro Name Mapping Server
157
Introducing NFS Maestro Name Mapping Server
NFS Maestro Name Mapping Server lets you map user and group names
from Windows domains to the corresponding identification values in an
NFS domain, such as UNIX user identification (UID) and group
identification (GID) values. In effect, you create a table that matches user
and group names from a Windows domain to the corresponding values in
an NFS domain.
Name mapping is necessary because Windows credentials and NFS
credentials are not compatible. For example, an NFS client cannot
automatically access a shared Windows resource because Windows does not
recognize NFS credentials. The shared resource is accessible only to those
clients with valid Windows credentials. To overcome this, you can use the
name mapping server to map NFS names to the names of existing Windows
users. Other NFS Maestro products use the name mapping server to retrieve
these Windows-to-NFS credential associations.
By default, NFS Maestro Name Mapping Server runs as a service on the
machine on which you have installed an NFS Maestro product. All name
mappings, in this case, are stored on a Hummingbird name mapping server.
Use the NFS Maestro Name Mapping Server Configuration dialog box or the
NFS Maestro Name Mapping Server console to configure the name
mappings used by the service.
Note: If you need to map a large number of names using NFS
Maestro Name Mapping Server (for example, > 10,000), we
recommend that you use a server machine with the following
characteristics:
Pentium 3 processor (or better)
256 MB RAM (or better)
NFS Maestro Client Users Guide
158
You can also configure name mappings to be stored on a network-wide
Active Directory by configuring an LDAP name mapping server. In this
case, use the NFS Maestro Name Mapping Server console to configure the
name mappings used stored on this serverAny mappings created using
the NFS Maestro Name Mapping Server Configuration dialog box are
automatically stored on a Hummingbird name mapping server.
Name Mapping Options
When you configure the name mapping table, you can set the following
options:
NFS Name Space The source for NFS user and group identification
values. You can specify whether the name mapping server retrieves the NFS
name space from a directory service or from locally stored files.
Default Mappings The name mappings for any users and groups that do
not have a dedicated mapping. When you set up the mapping table, you
may choose to map only certain names. You can then set up default
mappings for any clients that do not appear in the mapping table.
Mapping Style The type of mapping: automatic or manual (selective).
NFS Maestro Name Mapping Server Configuration can automatically map
all names from a given Windows domain to the corresponding names in the
NFS name space. You can also create mappings for a certain set of users and
groups.
Note: If there are multiple name mapping servers on your
network, you can use Hummingbird Directory Services to specify
the server(s) you want to use for your Hummingbird Connectivity
application. For more information, see the Hummingbird Directory
Services chapter.
Note: When you change mappings in NFS Maestro Name
Mapping Server Configuration and save your changes, it takes a
few minutes for the changes to propagate to the other NFS
Maestro products that use the server. The length of time it takes
for the changes to propagate depends on the number of names
that are mapped.
Chapter 8: NFS Maestro Name Mapping Server
159
The NFS Maestro Name Mapping Server Console
The Microsoft Management Console (MMC) is a tool that lets
Administrators configure various system and network components. The
console is actually a set of other tools, called snap-ins, that the console
collects in a central access point. Each snap-in is an administrative interface,
or console, for a given system or network component.
For more information on
the console, see NFS
Maestro Name Mapping
Server Configuration Help.
Hummingbird provides an MMC snap-in that lets you configure local and
remote instances of NFS Maestro Name Mapping Server through a console.
It also lets you configure name mappings to be stored on an LDAP name
mapping server, which can only be done using the console and not the NFS
Maestro Name Mapping Server Configuration dialog box. The snap-in is
installed whenever you install the NFS Administration feature for any NFS
Maestro product.
Opening NFS Maestro Name Mapping Server
Configuration
You can open NFS Maestro Name Mapping Server Configuration from the
Windows Star t menu or from the console.
To open NFS Maestro Name Mapping Server Configuration:
1 On the Windows Star t menu, point to Programs and navigate to
Hummingbird Connectivity.
2 Point to NFS Maestro Tools and then click Name Mapping Server
Configuration.
NFS Maestro Client Users Guide
160
The NFS Maestro Name Mapping Server Configuration dialog box opens.
To open the NFS Maestro Name Mapping Server console:
1 On the Windows Star t menu, point to Programs and navigate to
Hummingbird Connectivity.
2 Point to NFS Maestro Tools and then click Name Mapping Server Console.
The NFS Maestro Name Mapping Server console opens.
Chapter 8: NFS Maestro Name Mapping Server
161
Running the Server in a Cluster Environment
NFS Maestro Name Mapping Server Configuration supports Windows
Clustering Technology. A cluster is a collection of independent computing
devices that act as a single entity. Each device in the cluster is known as a
node. Running NFS Maestro Name Mapping Server Configuration in a
cluster provides the following advantages of the Cluster service:
High Availability If you configure the server on a node that subsequently
fails or is taken offline for maintenance, the cluster software transfers the
name mapping information to an available node in the cluster, with little or
no interruption in service to applications using the name mapping server.
Failback If a node containing the name mapping server fails, the cluster
software automatically restores the server to the node when the node comes
online again.
Basic Concepts
The following sections present the basic concepts relevant to NFS Maestro
Name Mapping Server Configuration.
The NFS Name Space
In order to map Windows names to names in the NFS name space, you
must first retrieve the NFS names, either from a UNIX host or from a
directory service.
Retrieving NFS Names from a UNIX Host
For more information, see
Retrieving Password and
Group Files on page 165.
A UNIX host stores its UID and GID information in two files:
a password file (for example, /etc/passwd) that associates each user
name with a password, a UID, and a primary GID
a group file (for example, /etc/group) that associates the ID of each
group with IDs of the groups members
NFS Maestro Client Users Guide
162
Together, these files specify the credentials for each user name. Before NFS
Maestro Name Mapping Server Configuration can correlate the
information stored in these files with the names of Windows users, you
must first copy the files from the UNIX host to the name mapping server
machine.
Retrieving NFS Names from a Directory Service
A directory service is a distributed database system that centralizes useful
network information such as host addresses and user passwords. If a
directory service like NIS or NIS+ is running on the NFS network, a given
UNIX host does not need to maintain its own copies of files such as
/etc/passwd and /etc/group. Instead, this information resides on a single
server (and possibly one or more supplementary servers) that distributes
the information across the network.
For more information on
binding to a directory
service, see Hummingbird
Directory Services Help.
You can configure NFS Maestro Name Mapping Server Configuration to
query a directory service and correlate the returned credentials with the
names of Windows users. To do so, you first must bind to the directory
service using Hummingbird Directory Services.
Primary and Secondary Mappings
A Windows-to-NFS mapping can be one-to-one (one user name to one
UID) or many-to-one (multiple user names to one UID). Usually, you make
many-to-one mappings only if you are configuring the name mapping
server for NFS Maestro Gateway.
If multiple mapping exists for a single NFS user or group, then one of the
mappings becomes the primary mapping (P) and the remaining mappings
become secondary mappings (S). When NFS clients connect to shared
resources, NFS Maestro Server grants access to the resources according to
the primary mapping for the UID and GIDs supplied by the clients.
Chapter 8: NFS Maestro Name Mapping Server
163
When you map multiple Windows users or groups to a single NFS user or
group name, NFS Maestro Name Mapping Server Configuration
determines the primary mapping using the following rules:
Selective mappings take precedence over imported mappings and
automappings.
Imported mappings take precedence over automappings.
The precedence of multiple imported mappings and automappings
corresponds to the order in which they are made.
Example
Provided that the following name mappings exist:
and you import the following mappings:
Windows User NFS User UID P
\\USER\Bob [email protected] 100 P
\\USER\George [email protected] 100 S
\\USER\Elizabeth [email protected] 500 P
\\USER\Jane [email protected] 200 P
Windows User NFS User UID P
\\USER\Sue [email protected] 500 P
\\USER\George [email protected] 100 P
\\USER\Jane [email protected] 600 P
\\USER\Jim [email protected] 700 P
NFS Maestro Client Users Guide
164
the following mappings apply:
Name Mapping for NFS Maestro Gateway
NFS Maestro Gateway retrieves Unix user and group names or UID and
GID values from the name mapping server to let Windows clients access
exported NFS resources. You must assign a valid NFS name to each NFS
Maestro Gateway client that has access to the share.
Name Mapping for NFS Maestro Server
NFS Maestro Server retrieves Windows user and group names from the
name mapping server to grant NFS clients access to exported resources on
the NFS server. The pcnfsd component of NFS Maestro Server also uses the
name mapping server to authenticate PC clients that do not supply NFS
credentials when they attempt to access an exported resource. Clients must
supply pcnfsd with one of the following types of credentials:
A valid user name and password from the NFS name space. In this case,
pcnfsd validates the credentials using NFS Maestro Name Mapping
Server Configuration.
A valid user name and password from a Windows domain or machine.
In this case, pcnfsd must have access to the domain controller to verify
the credentials. If they are valid, pcnfsd uses NFS Maestro Name
Mapping Server Configuration to retrieve the UID and GIDs for the
client.
Before NFS clients can access resources shared by NFS Maestro Server, you
need to map NFS names to Windows user and group names.
Windows User NFS User UID P
\\USER\Bob [email protected] 100 P
\\USER\George [email protected] 100 S
\\USER\Elizabeth [email protected] 500 P
\\USER\Sue [email protected] 500 S
\\USER\Jane [email protected] 200 P
\\User\Jim [email protected] 700 P
Chapter 8: NFS Maestro Name Mapping Server
165
Name Mapping for NFS Maestro Client
When you use NFS Maestro Client to connect to an exported file system,
you can change the Access Control List (ACL) for files and directories
within the file system, provided that you have permission to do so. NFS
Maestro Client sets the Access Control Entries (ACEs) for NFS users and
groups based on the corresponding Windows user and group names in NFS
Maestro Name Mapping Server Configuration.
For example, if you grant the Windows user Jane Full Control permissions
for a shared file, and the NFS user Jausten maps to Jane in the name
mapping server, Jausten can access the shared file with Read, Write, and
Execute permissions. For more information on setting ACEs for shared
resources, see NFS Maestro Client Help.
Retrieving Password and Group Files
You can retrieve password and group files from a UNIX host. Alternatively,
if the host uses a directory service, you can query the service to retrieve the
password and group information, save the results as files, and then transfer
the files to the name mapping server. If you have used Hummingbird
Directory Services to bind to a domain, you can generate the password and
group files directly.
To retrieve the password and group files from a UNIX host:
Using a method such as FTP, transfer the /etc/passwd and /etc/group files
from the UNIX host to the name mapping server.
Note: You cannot use NFS Maestro Name Mapping Server
Configuration for client authentication. Depending on the
authentication protocol you are using, you can authenticate your
credentials using an authentication agent on the NFS server or on
a default authentication server, or using another authentication
mechanism (such as a directory service).
NFS Maestro Client Users Guide
166
To retrieve password and group files using a directory service:
1 Log into a UNIX host that uses a directory service.
2 Depending on the type of directory service domain, execute the
following commands:
NIS domain:
ypcat passwd.byname > passwd
ypcat group.byname > group
NIS+ domain:
niscat passwd.org_dir > passwd
niscat group.org_dir > group
where passwd and group are the names of the password and group
files respectively.
3 Transfer the passwd and group files from the UNIX host to the name
mapping server using a method such as FTP.
To retrieve credential files using Hummingbird Directory Services:
1 Configure the system profile in Hummingbird Directory Services to
bind to a directory service.
2 Depending on the type of directory service you are using, execute the
following commands:
NIS service:
ypcat passwd.byname > passwd
ypcat group.byname > group
NIS+ service:
niscat passwd.org_dir > passwd
niscat group.org_dir > group
where passwd and group are the password and group file names.
You can also use the Output To File option in Directory Services Explorer to
retrieve password and group information from a directory service. See
Directory Services Explorer Help for more information.
Chapter 8: NFS Maestro Name Mapping Server
167
Specifying the NFS Name Space
For more information, see
Retrieving NFS Names
from a Directory Service
on page 162 and
Retrieving Password and
Group Files on page 165.
If you want to use a directory service to retrieve NFS names, you must first
bind to that service. If you want to use the password and group files from a
UNIX host instead, you must first copy those files to the name mapping
server.
To specify the NFS name space:
1 Open the NFS Maestro Name Mapping Server Configuration dialog box.
The General page opens by default.
2 In the NFS Name Space area, select a source for NFS names.
For information on
configuring a directory
service, see Hummingbird
Directory Services Help.
To retrieve names from a configured directory service, select
Directory Services. This option is available only if you have
configured a directory service.
To retrieve names from local files, select Local Files and then type
the local path and name of the files in the Password File and Group
File boxes. You can also use the Browse button beside each box to
browse for and select each file.
Specifying Mapping Styles
You can map Windows user and group names to NFS names using two
methods:
automatically, using the Auto Mapping dialog box
manually, using the Selective Mapping dialog box
Note: If you select Local Files but do not specify the files, NFS
Maestro Name Mapping Server Configuration uses default
settings for unmapped names.
NFS Maestro Client Users Guide
168
Mapping User and Group Names Automatically
Automapping lets you take NFS names (from a UNIX host or a directory
service) and automatically correlate them to Windows names. Such
automation reduces the risk of incorrect mapping and saves you from
mapping users and groups one by one.
To map names automatically:
For information on
mapping names through
the console, see NFS
Maestro Name Mapping
Server Configuration Help.
1 Open the NFS Maestro Name Mapping Server Configuration dialog box.
The General page opens by default.
2 In the Name Mapping area, click Configure.
Note: In order to optimize name mapping performance when
creating a large number of mappings, it is recommended that you
modify the value of the NameMappingHash registry key, found in the
HKEY_LOCAL_MACHINE\SOFTWARE\Hummingbird\
Connectivity\version\Common folder of the registry, as follows:
1if the total number of name mappings is < 15,000
2if the total number of name mappings is < 30,000
3if the total number of name mappings is >= 30,000
By default, the NameMappingHash registry key is set to 1.
Chapter 8: NFS Maestro Name Mapping Server
169
The Name Mapping dialog box opens.
3 In the dialog box, select one of the following:
Click the Users tab to automatically map user names.
Click the Groups tab to automatically map group names.
NFS Maestro Client Users Guide
170
4 In the Auto Mapping area, click Add. The Auto Mapping dialog box opens.
The NFSv4 Domain box automatically displays the NFSv4 domain that
applies to the NFS name space. This domain is a necessary part of NFS
names for NFSv4 only and is specified on the NFSv4 Domain page of the
Hummingbird Directory Services Proper ties dialog box. For information,
see Hummingbird Directory Services Help.
5 In the Windows Domain box, type or select the appropriate host or
domain for the names that you want to map.
Chapter 8: NFS Maestro Name Mapping Server
171
6 Do one of the following:
To map all Windows names in the selected domain, select Select All
Windows Names.
To map selected Windows names in the selected domain, do the
following:
a) Clear Select All Windows Names.
b) Click Load in the Windows area. The names available for mapping
from the specified source appear in the Windows Domain list.
Windows names that you have already mapped do not appear in the
list.
c) From the list in the Windows area, select the Windows names that
you want automatically mapped.
7 Click Create and then click Close. The specified Windows names are
mapped to the matching UIDs and GIDs for the retrieved NFS names.
All name mappings are listed in the Mapped Names area in the Name
Mapping dialog box.
8 In the Name Mapping dialog box, click OK.
Note: You can click Load in the NFS area to display available NFS
names in the list in the NFS area; however, you cannot select
these names.
Note: NFS Maestro Name Mapping Server Configuration can
automatically map only those Windows names that match NFS
names. If a Windows user does not have an NFS account under
the same name, you must map that user manually.
NFS Maestro Client Users Guide
172
Mapping User and Group Names Manually
By manually creating name mappings, you can control the type and
number of name mappings created. This ensures that you create only
mappings that you require.
There are two ways you can map names: you can map Windows names to
NFS names by selecting user or group names from a list, or map a particular
Windows name to an NFS user or group name.
To manually map one or more user names from a list:
For information on
mapping names through
the console, see NFS
Maestro Name Mapping
Server Configuration Help.
1 Open the NFS Maestro Name Mapping Server Configuration dialog box.
The General page opens by default.
2 In the Name Mapping area, click Configure. The Name Mapping dialog box
opens.
3 In the dialog box, select one of the following:
Click the Users tab to manually map user names.
Click the Groups tab to manually map group names.
4 In the Selective Mapping area, click Add. The Selective Mapping dialog
box opens.
5 In the Windows Domain box, type or select the appropriate host or
domain for the names you want to map. You might not have access to
every domain listed in the Windows Domain box.
Note: In order to optimize name mapping performance when
creating a large number of mappings, it is recommended that you
modify the value of the NameMappingHash registry key, found in the
HKEY_LOCAL_MACHINE\SOFTWARE\Hummingbird\
Connectivity\version\Common folder of the registry, as follows:
1if the total number of name mappings is < 15,000
2if the total number of name mappings is < 30,000
3if the total number of name mappings is >= 30,000
By default, the NameMappingHash registry key is set to 1.
Chapter 8: NFS Maestro Name Mapping Server
173
6 Click Load in the Windows area. This adds the names available for
mapping from the selected Windows domain or host to the list in the
Windows area. Windows names that you have already mapped do not
appear in the list.
7 Click Load in the NFS area to add the NFS names to the list in the NFS
area.
The NFSv4 Domain box automatically displays the NFSv4 domain that
applies to the NFS name space. This domain is a necessary part of NFS
names for NFSv4 only and is specified on the NFSv4 Domain page of the
Hummingbird Directory Services Proper ties dialog box. For information,
see Hummingbird Directory Services Help.
8 Select one or more names from the Windows Domain list and one name
from the NFS list.
9 If you selected more than one Windows name, specify one of them as
the primary name using the Primary check box.
10 Click Create. If you specified more than one primary name in the
previous step, the Choose Primary Name dialog box opens. In the dialog
box, select only one of the Windows names as the primary name, and
click OK.
The selected Windows names are mapped to the matching UIDs and
GIDs for the selected NFS name.
NFS Maestro Client Users Guide
174
11 Repeat steps 511 for the other names you want to map, and then click
Close. All name mappings are listed in the Mapped Names area in the
Name Mapping dialog box.
12 In the Name Mapping dialog box, click OK.
To manually map a single name:
For information on
mapping names through
the console, see NFS
Maestro Name Mapping
Server Configuration Help.
1 Open the NFS Maestro Name Mapping Server Configuration dialog box.
The General page opens by default.
2 In the Name Mapping area, click Configure. The Name Mapping dialog box
opens.
3 In the dialog box, select one of the following:
Click the Users tab to manually map user names.
Click the Groups tab to manually map group names.
4 In the Mapped Names area, click Add. The Selective Mapping dialog box
opens.
Chapter 8: NFS Maestro Name Mapping Server
175
5 In the Windows Domain box, type or select the appropriate host or
domain for the names you want to map. You might not have access to
every domain listed in the Windows Domain box.
6 In the Name box of the Windows area, type the Windows name for
which you want to create a mapping. You cannot create a mapping for a
Windows name that has already been mapped.
7 In the Name box of the NFS area, type the NFS name that you want
mapped to the Windows name.
The NFSv4 Domain box automatically displays the NFSv4 domain
specified in the NFSv4 Domain page of the Hummingbird Directory
Services Proper ties dialog box. For information on specifying an NFSv4
domain, see Hummingbird Directory Services Help.
For more information, see
Primary and Secondary
Mappings on page 162.
8 Select Primary only if you want to set the specified Windows name as the
primary name.
9 Click Create. The selected Windows name is mapped to the matching
UIDs and GIDs for the selected NFS name.
10 Repeat steps 510 for the other names you want to map, and then click
Close. All name mappings are listed in the Mapped Names area in the
Name Mapping dialog box.
11 In the Name Mapping dialog box, click OK.
NFS Maestro Client Users Guide
176
Specifying Default Mappings
Use the Unmapped Names dialog box to specify default mappings for users
and groups that do not appear in the name mapping table. In this way, you
can ensure that any client can access a shared resource with specific
permissions.
Unmapped Windows Names
To configure NFS Maestro Gateway, you must provide a dedicated mapping
for all Windows clients that you want to grant access to shared NFS
resources. You can also specify a default NFS name for unmapped Windows
users so they will be able to access shared resources with the same privileges
as the default NFS user.
Warning! To protect shared NFS resources from
unauthorized access, it is recommended that you map
unmapped Windows names to the nobody user and nobody
group in the NFS domain.
Chapter 8: NFS Maestro Name Mapping Server
177
To specify a default NFS name for unmapped Windows names:
1 Open the NFS Maestro Name Mapping Server Configuration dialog box.
The General page appears by default.
2 In the Unmapped Names area, click Configure. The Unmapped Names
dialog box opens.
3 In the dialog box, select one of the following:
Click the Users tab to specify a default NFS user name.
Click the Groups tab to specify a default NFS group name.
4 In the Unmapped Windows Names area, click Change to specify a new
default name. The Select NFS Name dialog box opens.
The NFSv4 Domain box automatically displays the NFSv4 domain that
applies to the NFS name space. This domain is a necessary part of NFS
names for NFSv4 only and is specified on the NFSv4 Domain page of the
Hummingbird Directory Services Proper ties dialog box. For information,
see Hummingbird Directory Services Help.
5 Click Load to load the NFS names.
6 Select the NFS name that you want to specify as the default name for
unmapped Windows names.
7 Click OK. The new default name is specified in the Unmapped Windows
Names area in the Unmapped Names dialog box.
8 In the Unmapped Names dialog box, click OK.
Unmapped NFS Names
To configure NFS Maestro Server and NFS Maestro Client, you must
provide a dedicated mapping for all NFS clients that you want to grant
access to shared resources. You can specify a default Windows name to
unmapped NFS users so that they will be able to access shared resources
with the same privileges as the default Windows user.
Warning! To protect local Windows resources from unauthorized
access, it is recommended that you map unmapped NFS names
to the Guest user and Guests group on the Windows machine.
NFS Maestro Client Users Guide
178
To specify a default Windows name for unmapped NFS names:
1 Open the NFS Maestro Name Mapping Server Configuration dialog box.
The General page appears by default.
2 In the Unmapped Names area, click Configure. The Unmapped Names
dialog box opens.
3 In the dialog box, select one of the following:
Click the Users tab to specify a default Windows user name.
Click the Groups tab to specify a default Windows group name.
4 In the Unmapped NFS Names area, click Change. The Select Windows
Name dialog box opens.
5 In the Windows Domain box, type or select the appropriate name of the
Windows source from which you want to retrieve the default Windows
name.
6 Click Load. The Windows names from the specified source appear in the
list.
7 Select the Windows name that you want to specify as the default name
for unmapped NFS users.
8 Click OK. The new default name is specified in the Unmapped NFS
Names area in the Unmapped Names dialog box.
9 In the Unmapped Names dialog box, click OK.
Chapter 8: NFS Maestro Name Mapping Server
179
Exporting and Importing Name Mappings
NFS Maestro Name Mapping Server Configuration lets you save and
retrieve name mapping tables to and from a file.
To export name mappings:
1 Open the NFS Maestro Name Mapping Server Configuration dialog box.
Click the Maintenance tab.
2 In the Expor t Mappings area, click Expor t. The Save As dialog box opens.
3 Save the name mapping table to export the file.
NFS Maestro Client Users Guide
180
To import name mappings:
1 Open the NFS Maestro Name Mapping Server Configuration dialog box.
Click the Maintenance tab.
2 In the Impor t Mappings area, select a retrieval method:
Select Clear Existing Mappings Before Impor t to remove all existing
mappings before importing the new mappings to the name
mapping server.
Clear Clear Existing Mappings Before Impor t, and then select
Overwrite Existing Mappings to replace existing mappings with
mappings in the import file. NFS Maestro Name Mapping Server
Configuration replaces only the mappings for names that match the
retrieved user and group names. The mappings for non-matched
user and group names remain the same.
For more information on
the name mapping rules,
see Primary and
Secondary Mappings on
page 162.
Clear Clear Existing Mappings Before Impor t and Overwrite Existing
Mappings to preserve all existing mappings when importing the new
mappings to the name mapping server. NFS Maestro Name
Mapping Server Configuration adds or replaces mappings
according to the rules for primary and secondary mappings. The
mappings for non-matched user and group names remain the
same.
3 Click Impor t. The Open dialog box opens.
4 Select the appropriate file to import the mappings from a previously
saved mapping file. Click Open.
Chapter 8: NFS Maestro Name Mapping Server
181
Synchronizing Name Mappings
Name mappings can be
stored either on a
Hummingbird or LDAP
name mapping server. For
more information, see
Hummingbird Directory
Services Help.
If name mappings have been configured to be stored on one or more
Hummingbird name mapping servers, the NFS Maestro Name Mapping
Server Configuration saves the name mapping table in the Windows
registry and updates it each time you click OK to close the product.
In this case, you can also configure NFS Maestro Name Mapping Server
Configuration to automatically synchronize its name mappings with the
NFS name space at certain intervals. At the specified time, NFS Maestro
Name Mapping Server Configuration reloads the NFS name space and
deletes or changes mappings in the name mapping table to match the NFS
name space. It is recommended that you configure the synchronization to
occur during periods of low network activity.
Synchronization between name mappings stored on LDAP name mapping
servers and their respective Windows domains and NFS name spaces is
dynamic, and hence, does not need to be configured.
To synchronize name mapping data with the NFS name space:
1 Open the NFS Maestro Name Mapping Server Configuration dialog box.
Click the Maintenance tab.
2 In the Synchronization area, select Synchronization.
3 In the Synchronization Time box, type or select the appropriate time of
the first synchronization.
4 In the Synchronization Interval (Hours) box, type the appropriate amount
of hours between each synchronization.
5 In the NFS Maestro Name Mapping Server Configuration dialog box, click
OK.
Note: If NFS Maestro Name Mapping Server Configuration is
unable to maintain a mapping during synchronization, it logs an
error in the Windows Event Viewer, which can be accessed from
the Administrative Tools program group on the Windows Start
menu.
Chapter 9
Hummingbird Directory Services
Hummingbird Directory Services Applications 185
Directory Services Explorer 185
Hummingbird Directory Services 185
Opening Directory Services Applications 188
Directory Services Overview 190
Directory Service Protocols 190
Directory Service Objects 191
Server Architecture 192
Binding to Domains 193
Locating Domain Servers 193
Directory Service Profiles 195
Creating Profiles 197
Opening the Properties Dialog Boxes 199
Binding to NIS 200
Binding to NIS+ 202
Keylogin and the System Profile 205
Binding to LDAP 205
Specifying LDAP Domains and Bind Methods 206
Retrieving Profiles from Directory Service Agents 209
Securing LDAP with SSL/TLS 211
Setting LDAP Search and Bind Options 213
Specifying Authentication Methods for LDAP Profiles 214
Specifying Schemas for LDAP Profiles 218
Exploring Directory Services 221
Querying Directory Service Objects 221
Sorting Query Results 223
Saving Query Results 223
Viewing Object Properties 224
Modifying Profiles 225
Changing Domain Passwords 226
Specifying Default Servers for hclnfsd/pcnfsd
Authentication 227
Configuring Directory Services 229
Selecting Services 229
Modifying Profiles 230
Disabling User Profiles 232
Specifying Host Lookup Services 232
Synchronizing Passwords 233
Running Keylogin 234
Specifying Name Mapping Servers 234
Configuring LDAP Name Mapping Servers and Clients 237
Extending the Active Directory Schema for Name Mapping 239
Creating and Modifying Name Mapping Profiles 243
Specifying the NFSv4 Domain 247
Running Command Line Applications 249
Chapter 9: Hummingbird Directory Services
185
Hummingbird Directory Services Applications
Hummingbird Connectivity applications include two directory services
tools: Hummingbird Directory Services and Directory Services Explorer.
Directory Services Explorer
Directory Services Explorer is a browsing tool that lets you access and query
directory services without leaving the familiar Windows environment.
Directory Services Explorer lets you do the following:
bind your machine to multiple domains simultaneously
browse object contents and properties
run selective queries
save query results to a file
change your password in a directory service domain
Directory Services Explorer supports NIS, NIS+, and LDAP.
Hummingbird Directory Services
Hummingbird Directory Services provides access to directory services (NIS,
NIS+, and LDAP), name mapping servers, and NFSv4 domains for
Hummingbird Connectivity applications. Hummingbird Directory Services
lets you do the following:
Set up configuration profiles for your machine and for each user of that
machine. Each profile stores the information necessary to bind to a
given domain. Administrators can set up profiles on local and remote
machines using the Hummingbird Directory Services snap-in for the
Microsoft Management Console (MMC).
Select the target service or services for host name resolution.
Synchronize your Windows password with your password in a directory
service domain.
NFS Maestro Client Users Guide
186
Retrieve the names of directory service, authentication, and name
mapping servers by querying a DHCP (Dynamic Host Configuration
Protocol) server, if one is available.
Distribute directory service configuration information across nodes in
a Windows cluster.
Once you have selected a service and established its domain profile, all
directory service queries made by Hummingbird Connectivity applications
target the domain you have specified.
If you have installed NFS Maestro Client on your machine, you can also use
Hummingbird Directory Services to configure a default server for
hclnfsd/pcnfsd authentication.
Using Hummingbird Directory Services, you can also specify the following
information for name mapping purposes:
the name mapping server from which to retrieve name mappings for
your machine
the NFSv4 domain, required for all NFSv4 operations, for the NFS
name space
Once you have specified a name mapping server, all name mapping queries
made by Hummingbird Connectivity applications target the server you have
specified.
Directory Services in a Cluster Environment
A cluster is a collection of independent computing devices that act as a
single entity. Each device in the cluster is known as a node.
Hummingbird Directory Services supports Windows Clustering
technology: if you configure the system profile on one node in a cluster,
other Hummingbird Connectivity applications running in the cluster target
the configured service.
Chapter 9: Hummingbird Directory Services
187
Running Hummingbird Directory Services in a cluster provides the
following advantages of the Cluster service:
High Availability If you configure directory services on a node that
subsequently fails or is taken offline for maintenance, the cluster software
transfers the configuration information to an available node in the cluster,
with little or no interruption in service to applications using the directory
service.
Failback If a node containing directory service configuration information
fails, the cluster software automatically restores the information to the node
when the node comes online again.
The Hummingbird Directory Services Snap-In for MMC
The Microsoft Management Console (MMC) lets Administrators configure
various system and network components. The Console is actually a set of
other tools, called snap-ins, that the console collects in a central access
point. Each snap-in is an administrative interface, or console, for a given
system or network component.
For more information on
the console, see
Hummingbird Directory
Services Help.
Hummingbird provides an MMC snap-in that lets you configure the system
profile for local and remote instances of Hummingbird Directory Services
through a console. The snap-in is installed whenever you install the NFS
Administration feature for any NFS Maestro product.
Note: To use Hummingbird Directory Services in a cluster
environment, the cluster service must be running when you install
the product.
NFS Maestro Client Users Guide
188
Opening Directory Services Applications
For more information on
accessing the console, see
Hummingbird Directory
Services Help.
You can open both directory services applications from the Windows Star t
menu. Administrators can open Hummingbird Directory Services from the
console.
To open Directory Services Explorer:
1 On the Windows Star t menu, point to Programs and navigate to
Hummingbird Connectivity.
2 Point to Connectivity Tools, and then click Directory Services Explorer.
The Directory Services Explorer window opens.
Chapter 9: Hummingbird Directory Services
189
To open Hummingbird Directory Services from the Start menu:
1 On the Windows Star t menu, point to Programs and navigate to
Hummingbird Connectivity.
2 Point to Connectivity Tools, and then click Directory Services Proper ties.
The Hummingbird Directory Services Proper ties dialog box opens.
The Hummingbird Directory Services Proper ties dialog box is also accessible in
view mode through NFS Maestro Server. If you open the dialog box from
this application, you can only view the properties of the user and system
profiles. To create, modify, or select a profile, you must open the dialog box
using the method described above.
NFS Maestro Client Users Guide
190
Directory Services Overview
A directory service stores and discloses network information such as host
names, user IDs, and available resources. The service works in essentially
the same way as a phone directory: to phone someone, a caller uses a phone
book to look up the number associated with the persons name; to connect
to a remote host, a client queries a directory service to retrieve the IP
address associated with the name of the host.
Without a directory service, every host in a network needs to store and
maintain its own copy of the network information. A directory service, on
the other hand, centralizes network information in a single repository that
each client can query. In this way, a directory service ensures the consistency
of the information and simplifies network administration.
Directory Service Domains
Directory services organize their information into domains. A domain
consists of a group of computers and users that share the same network and
configuration information. Typically, a domain corresponds to a particular
organization or department within an organization. When you query a
particular service, you must specify a domain for that service.
Directory Service Protocols
Clients communicate with a given service using a protocol specific to that
service. Directory Services Explorer and Hummingbird Directory Services
support NIS, NIS+, and LDAP.
NIS The Network Information System (NIS) protocol was developed by
Sun Microsystems to simplify the administration of network and
configuration data. NIS stores its information in objects called maps that
can be accessed over the network using the Remote Procedure Call (RPC)
protocol. NIS domains are flat and discrete: any map within a given domain
belongs to and records information about that domain alone.
Chapter 9: Hummingbird Directory Services
191
NIS+ NIS+ was developed by Sun Microsystems as an enhancement of
the NIS protocol. NIS+ objects, called tables, can be searched on multiple
columns (unlike NIS maps). Clients access NIS+ tables using the RPC
protocol. Unlike NIS domains, NIS+ domains are hierarchical and can be
extended to match the growth of the organizations they describe. NIS+ also
protects its data using Secure RPC authentication.
For more information on
supported LDAP schemas,
see Hummingbird
Directory Services Help.
LDAP The Lightweight Directory Access Protocol (LDAP) was developed
by CCITT and ISO as a scaled-down version of the X.500 protocol. Unlike
NIS and NIS+, which are proprietary protocols, LDAP is an open standard.
Like NIS+, LDAP secures its objects by requiring client authentication.
Hummingbird Directory Services and Directory Services Explorer have
been thoroughly tested with the Sun One Directory Server (ranging from
iPlanet 4.x to 5.x) and support the following servers:
RFC2307-compliant servers
RFC2307AIX servers
Microsoft Active Directory servers that have been updated with
AD4UNIX or VAS extensions
You can also configure Hummingbird Directory Services and Directory
Services Explorer to bind to LDAP domains that use nonstandard schemas.
For more information, see Defining Custom Schemas on page 219.
Directory Service Objects
For more information on
directory service objects,
see Hummingbird
Directory Services Help.
NIS and NIS+ store their information in tabular form. Only NIS+ refers to
its objects as tables. NIS objects are known as maps because each maps a
particular value (a key) to a piece of network information. LDAP objects
are known as entries.
NIS/NIS+ Objects
NIS maps each consist of an information column, which stores the network
information, and a key column, which serves as an index to the information
column. The information column typically separates the various attributes
of the object using a colon (:).
Each column in a NIS+ table defines an attribute of the type of information
stored in the object. For example, a table containing password information
typically has user name, user ID, primary group ID, and password columns.
NFS Maestro Client Users Guide
192
Each row (or entry) in a NIS/NIS+ object represents one piece of network
information, such as the complete password information for one user.
LDAP Objects
LDAP entries correspond to the rows in a NIS map or NIS+ table. However,
LDAP entries are discrete objects that can be selected and manipulated
independently of one another. LDAP entries can also contain other LDAP
objects.
Object Contents
The type of information stored in a directory service generally reproduces
the content of UNIX /etc files. For example, NIS stores password
information (usually stored in /etc/passwd) in two maps, called
passwd.byname and passwd.byuid. NIS+ stores the same information in a
table called passwd. In the RFC 2307 schema, LDAP stores password
information in entries that belong to the posixAccount class; in the
AD4UNIX schema, LDAP stores this information in entries that belong to
the User class.
Server Architecture
The repository for a directory service usually consists of one main server
the master serverand a group of supplementary servers. The master
server stores and manages the network information. The supplementary
servers store a copy of the master information. Supplementary servers in
NIS are known as slave servers. Supplementary servers in NIS+ are known
as replicas.
Whenever the network information changes on the master server, the
changes propagate across the network to the copies. Therefore, at any given
time, there are several hosts capable of disclosing network information to
clients. This architecture lets the administrator evenly distribute the
network load across more than one server. From the point of view of clients
who access the service, the changes are automatic and transparent.
LDAP uses multiple servers that can independently update the network
information and synchronize it with each other.
Directory Services Explorer and Hummingbird Directory Services let you
target your queries to specific servers in a domain.
Chapter 9: Hummingbird Directory Services
193
Binding to Domains
Before you can query a directory service or an LDAP name mapping server,
you must first bind to a domain. Each directory service domain is
controlled by one or more servers (domain controllers) that store and
release the domain information. When you bind to a domain, you configure
your system to send its queries to one of the servers that control that
domain.
Bind Information
The process of binding to a domain differs from service to service. In
general, you need to supply the domain name and names of the servers you
want to query. If the service (such as NIS+) uses an authentication protocol,
you also need to supply valid credentials.
Directory Service Profiles
For more information on
the types of profiles you
can create for a domain,
see Directory Service
Profiles on page 195.
You save the complete information for binding to a given domain in a
profile. The profile records the details about the domain as well as the
particular method by which you bind to it (for example, under user or
machine credentials, or as one user or another).
Locating Domain Servers
Directory Services Explorer and Hummingbird Directory Services can
automatically locate NIS/NIS+ servers that are part of your local subnet by
sending a broadcast across the network.
To find the names of remote NIS+ and LDAP servers, contact your NIS+ or
LDAP administrator. If you are using NIS as your directory service, you can
use the ypwhich command to determine the names of NIS servers for a given
domain.
For more information, see
Ping Help.
If you know the name of the server, you can use the Ping accessory to
determine if it is accessible from your machine.
NFS Maestro Client Users Guide
194
Locating Servers Using DHCP
If your network has a Dynamic Host Configuration Protocol (DHCP)
server that stores configuration information for network servers, such as
directory service, name mapping, and authentication servers,
Hummingbird Directory Services can query the DHCP server to retrieve the
configuration information. Depending on the type of server represented in
the DHCP server, the configuration information can include the name of
the server, the directory service domain it supports, and the port number
on which it operates.
For more information on
Relay Agents, consult
RFC 1542.
Retrieving configuration information from a DHCP server is usually
quicker than scanning the network. Also, if DHCP Relay Agents are
installed on other subnets, you can retrieve configuration information for
servers outside your immediate subnet.
For more information on
DHCP, see RFC 2131.
The Dynamic Host Configuration Protocol provides a mechanism for
storing configuration parameters about network hosts (such as IP
addresses) and delivering this information from a DHCP server to DHCP
clients. The protocol also specifies a method to dynamically assign IP
addresses to hosts on a network. The protocol simplifies network
administration because administrators do not need to add or maintain
addresses for each machine they support.
Configuring DHCP for Hummingbird Directory Services
Before you can retrieve server information from a DHCP server, either or
both of the scope or server options on the DHCP server must be configured
correctly. (If both are set, scope options take precedence.) There is a specific
option code for each type of server information you can retrieve. The
following table presents the options that need to be set:
Option Code Information Type Data Type Array?
040 NIS domain name String No
041 NIS servers IP address Yes
064 NIS+ domain name String No
065 NIS+ servers IP address Yes
Chapter 9: Hummingbird Directory Services
195
For more information on DHCP options, consult RFC 2132 or visit the
following web site:
http://www.dhcp.org
Directory Service Profiles
The type of profile you create for a domain depends on the application you
are using.
Directory Services Explorer Profiles
You can create up to ten
profiles for each directory
service.
In Directory Services Explorer, you can create multiple profiles, each
corresponding to a single domain and binding method. In other words,
Directory Services Explorer lets you bind to and explore multiple domains
simultaneously.
You can examine the objects in each domain as if they were directories in a
mapped drive. (The process of binding to a server is analogous to mapping
a remote drive.)
For easy reference, you can give the profile a descriptive name. This is the
name under which the domain appears in Directory Services Explorer.
200 hclnfsd/pcnfsd server String No
201 Name mapping servers String No
202 LDAP servers String No
203 LDAP name mapping servers String No
Note:
The protocol reserves the option codes 040, 041, 064, and 065
for NIS and NIS+ server information. The other listed codes
are not reserved. Make sure they are not already in use on the
DHCP server.
When setting server information for codes 201, 202, and 203,
separate multiple server names with a space.
Option Code Information Type Data Type Array?
NFS Maestro Client Users Guide
196
Hummingbird Directory Services Profiles
Hummingbird Directory Services lets you create a directory service profile
for your machine (the system profile) or for each registered user on that
machine. You can also configure profiles for your machine for name
mapping purposes.
The profile contains the information necessary to bind to a domain for each
service supported by Hummingbird Directory Services. For example, you
can create different user profiles to bind to a NIS domain, a NIS+ domain,
and an LDAP domain.
When you select a particular service from within a Hummingbird
Connectivity application, the application sends your queries (such as host
lookup) to the domain specified in your profile for that service. The system
profile is selected by default.
User Profile Users can set up profiles that let them bind to domains of
their choice. They supply the configuration information for one directory
service (or more) and then select the service they want to use for a given
task. A user profile is specific to a given user; the profile is in effect while the
user is logged into the machine.
System Profile The system profile contains the default configuration
information for any application or user that queries a directory service. A
user that does not have a NIS account, for example, can still query the NIS
domain specified in the system profile. The administrator for the machine
can also configure Hummingbird Directory Services so that users can bind
only to the domains specified in the system profile. (In this case, users
cannot create their own profiles.)
For more information, see
Specifying Name
Mapping Servers on
page 234.
Name Mapping Profile Provided that an LDAP name mapping server is
available, users can set up profiles that let them bind to LDAP domains for
name mapping purposes. The name mapping profile is in effect as long as
the specified name mapping server is an LDAP server.
If you have used Hummingbird Directory Services to set up user, system, or
name mapping profiles, you can view those profiles (under those names) in
Directory Services Explorer.
Chapter 9: Hummingbird Directory Services
197
Creating Profiles
You must be the Administrator for the machine to create the system profile.
Any user, however, can view the settings for the system profile (in
Hummingbird Directory Services) or the contents of its configured
domains (in Directory Services Explorer).
The procedure for creating name mapping profiles is similar to that for
LDAP directory services profiles with the exception of search base and
schema information. For more information on creating name mapping
profiles, see Creating and Modifying Name Mapping Profiles on page 243.
To create a profile using Directory Services Explorer:
1 On the File menu of Directory Services Explorer, click Settings. The
Directory Services Explorer Settings dialog box opens.
2 From the Directory Service list, select the service you want to target in
the profileNIS, NIS+, or LDAP.
3 Click Add. The Proper ties dialog box for the selected service opens. For
example, if you have selected LDAP, the LDAP Proper ties dialog box
opens.
4 In the Proper ties dialog box, specify the domain for the selected service
and assign a name to the profile.
For more information on specifying a NIS domain, see Binding to
NIS on page 200.
For more information on specifying a NIS+ domain, see Binding
to NIS+ on page 202.
For more information on specifying an LDAP domain, see
Binding to LDAP on page 205.
After you have specified the domain, its name appears in the Profile box
of the Directory Services Explorer Settings dialog box.
5 In the Directory Services Explorer Settings dialog box, click OK. The
dialog box closes and the profile is stored locally. You can browse the
specified domain under the profile name you assigned to it.
NFS Maestro Client Users Guide
198
To create a profile using Hummingbird Directory Services:
1 Open the Hummingbird Directory Services Proper ties dialog box.
2 Do one of the following:
To create your user profile, select User Settings.
To create the system profile, select System Settings.
To create a name mapping profile, see Creating and Modifying
Name Mapping Profiles on page 243.
3 From the Directory Service list, select a directory service.
For more information on
DHCP servers, see
Locating Domain Servers
on page 193.
4 If there is a DHCP server on your network, and you want to use it to
retrieve the server configuration information for the selected service, do
the following:
a) Click DHCP. Hummingbird Directory Services queries the DHCP
server to retrieve the server information. You can terminate the
query by clicking Cancel in the progress dialog box.
b) In the dialog box that opens, examine the retrieved server
information. If the information is correct, specify any additional
configuration parameters for the service, and then click OK.
5 Click Proper ties. The Proper ties dialog box for the selected service
opens. For example, if you selected NIS+ in step 3, the NIS+ Proper ties
dialog box opens.
Note: If the User Settings option is dimmed, the administrator for
your machine has disabled user profiles. You must use the system
profile. If you want to bind to a NIS+ domain, you can still run
keylogin to retrieve your own DES credentials. For more
information, see Running Keylogin on page 234.
Chapter 9: Hummingbird Directory Services
199
6 In the Proper ties dialog box, specify the domain information for the
selected service.
For more information on specifying a NIS domain, see Binding to
NIS on page 200.
For more information on specifying a NIS+ domain, see Binding
to NIS+ on page 202.
For more information on specifying an LDAP domain, see
Binding to LDAP on page 205.
7 In the Hummingbird Directory Services Proper ties dialog box, click OK.
The dialog box closes. Any queries issued by a Hummingbird
Connectivity application (except Directory Services Explorer) target the
domain specified in the selected profile.
Opening the Properties Dialog Boxes
For each supported directory service protocol there is a Proper ties dialog
box that lets you specify the domain for the service and configure other
bind options.
To open a Properties dialog box in Directory Services Explorer:
1 On the File menu, click Settings. The Directory Services Explorer Settings
dialog box opens.
2 From the Directory Service list, select the service you want to
configureNIS, NIS+, or LDAP.
3 Click Add.
To open a Properties dialog box in Hummingbird Directory Services:
1 From the Directory Service list of the Hummingbird Directory Services
Proper ties dialog box, select the service you want to configureNIS,
NIS+, or LDAP.
2 Click Proper ties.
NFS Maestro Client Users Guide
200
Binding to NIS
When you bind to a NIS domain, you can specify a primary and secondary
domain server. Any queries sent to NIS target the primary server, orif the
primary server is unavailablethe optional secondary server. Your choice
of primary and secondary servers can affect the distribution of network
load across the NIS master and slaves.
Using Hummingbird Directory Services, you can also specify the maps for
host resolution queries. Hummingbird Connectivity applications that run
host name/address lookups consult the maps that you specify.
To bind the current profile to a NIS domain:
For more information, see
Opening the Properties
Dialog Boxes on
page 199.
1 Open the NIS Proper ties dialog box.
2 Type the profile name for the domain into the NIS Profile Name box
(Directory Services Explorer only).
3 Click Proper ties. The NIS Domain Configuration dialog box opens.
Chapter 9: Hummingbird Directory Services
201
4 In the NIS Domain Name box, type the name of the NIS domain. NIS
domain names typically consist of two labels separated by a period (for
example, abcd.com). The first label indicates the organization; the
second label can be an Internet domain name such as com, org, or edu.
5 If the NIS master server is in the same subnet as your machine, select
Automatically Obtain Server List. Otherwise, select Manually Enter NIS
Servers; then, type the name or IP address of your primary NIS server
in the Primary Server Name or IP Address box. If you want to specify a
secondary server, type its name or IP address into the Secondary Server
Name or IP Address box.
6 Click OK. The NIS Domain Configuration dialog box closes. The NIS
Proper ties dialog box displays the configuration information.
7 In the NIS Proper ties dialog box, set the server query order. The NIS
Servers list displays the available servers. The top-to-bottom order of
servers in the list corresponds to the query order. To change the query
order of a server, select it from the list, and then click the Up or Down
buttons at the right of the list to move the server to the correct position.
NFS Maestro Client Users Guide
202
8 If you are creating a NIS profile in Hummingbird Directory Services, do
the following:
a) In the Name Resolution Map box, type the name of the host name
resolution map for the selected domain. In the standard NIS
configuration, this map is called hosts.byname.
b) In the IP Resolution Map box, type the name of the host IP
resolution map for the selected domain. In the standard NIS
configuration, this map is called hosts.byaddr.
9 Click OK. The NIS Proper ties dialog box closes. The NIS service is
configured for the specified profile.
Binding to NIS+
When you bind to NIS+, you can set a query order for NIS+ servers.
Alternatively, to balance service loads across the network, you can specify
random access to NIS+ servers. By default, your queries target the NIS+
master (if available), and then any available replica servers.
For more information on
required NIS+ credentials,
see Keylogin and the
System Profile on
page 205.
Hummingbird Directory Services lets you bind to a NIS+ domain as either a
user or a machine, depending upon the profile you have selected in the
Hummingbird Directory Services Proper ties dialog box. Certain tasks, such as
connecting to an NFS resource or changing your password in a NIS+
domain, require user credentials.
To bind the current profile to a NIS+ domain:
For more information, see
Opening the Properties
Dialog Boxes on
page 199.
1 Open the NIS+ Proper ties dialog box.
2 Type the profile name for the domain into the NIS+ Profile Name box
(Directory Services Explorer only).
Chapter 9: Hummingbird Directory Services
203
3 Click Proper ties. The NIS+ Domain Configuration dialog box opens.
4 In the NIS+ Domain Name box, type the name of the NIS+ domain.
NIS+ domain names consist of two labels separated by a period and
always end with a period (for example, abcd.com.). The first label
indicates the organization; the second label can be an Internet domain
name such as com, org, or edu.
For more information on
NIS+ credentials, see
Hummingbird Directory
Services Help.
5 In the NIS+ Credentials area, enter your credential information:
To set up the system profile, type the Secure RPC password for your
machine into the Secure RPC password box. (The system profile is
accessible in Hummingbird Directory Services only.)
To set up a different profile, type your user name for the domain
into the User Name box; then, type your Secure RPC password into
the Secure RPC Password box. Usually, your Secure RPC password
is the same as your domain password.
6 If the NIS+ master server is in the same subnet as your machine, select
Automatically Obtain Server List. Otherwise, select Manually Enter a NIS+
Server; then, type the host name or IP address of the server into the
Server Name or IP Address box.
NFS Maestro Client Users Guide
204
7 Click OK. The NIS+ Domain Configuration area of the NIS+ Proper ties
dialog box displays the name of the master server for the domain and
the Secure RPC netname you are using to bind to the domain.
8 In the NIS+ Server Query Order area, set the server query order. The
NIS+ Server Query Order area displays the list of available servers. The
list of servers from top to bottom corresponds to the query order. To set
the query order, do one of the following:
To randomly target NIS+ servers during queries, select Use Random
Server.
To set a specific query order for a server, select the server from the
list, and then click the Up or Down buttons at the right of the list to
move the server to the correct position.
9 Click OK. The NIS+ Proper ties dialog box closes. The NIS+ service is
configured for the specified profile.
Chapter 9: Hummingbird Directory Services
205
Keylogin and the System Profile
Certain tasks involving NIS+ require user credentials. For example, you
must supply user credentials if you want to connect to an NFS resource, or if
you want to change your password in a NIS+ domain.
For more information on
keylogin and NIS+
credentials, see
Hummingbird Directory
Services Help.
When you create a user profile, Hummingbird Directory Services runs
keylogin based on the name and Secure RPC password you supply in the
profile. It then stores the retrieved credential information locally. This
information is available to any Hummingbird Connectivity application that
needs to use your user credentials.
The system profile stores the credentials for your machine, not your user
credentials. If you are using the system profile and you attempt a task that
requires user credentials, Hummingbird Directory Services automatically
opens the NIS+ Keylogin dialog box, which lets you specify a user name and
Secure RPC password for the NIS+ domain in the system profile.
Keylogin runs on a per-user basis. Once you have specified user credentials
for the system profile, you do not need to supply this information again.
Binding to LDAP
Hummingbird Directory
Services and Directory
Services Explorer also
support LDAP domains
that use the name mapping
schema extension. For
more information, see
Extending the Active
Directory Schema for
Name Mapping on
page 239.
Hummingbird Directory Services and Directory Services Explorer support
LDAP domains that use one of the following schemas: RFC 2307,
RFC2307AIX, or Active Directory with AD4UNIX/VAS extensions. To bind
to a domain that does not adhere to any of the supported schemas, do either
of the following:
Customize your profile to reflect the nonstandard schema. For more
information, see Defining Custom Schemas on page 219.
Retrieve the profile from a Directory Service Agent (DSA) that is
configured to return profile information about the domain. For more
information, see Retrieving Profiles from Directory Service Agents on
page 209.
Note: If you are using the system profile, you can run keylogin
explicitly to bind to NIS+ using specific credentials. You do not
need to run keylogin if you are using the user profile. For more
information, see Running Keylogin on page 234.
NFS Maestro Client Users Guide
206
The basic procedure for binding to an LDAP domain is as follows.
These steps are described
in detail in the following
pages.
1 Specify the information that defines the LDAP domain and the bind
method you want to use.
2 Specify the credentials and authentication method you want to use to
bind to the domain.
3 Select the schema for the domain or, if necessary, configure the profile
to reflect a nonstandard schema.
For information on binding to an LDAP name mapping server, see
Creating and Modifying Name Mapping Profiles on page 243.
Specifying LDAP Domains and Bind Methods
The first step in creating an LDAP profile is to specify the information that
defines the LDAP domain and the bind method, including the following:
the LDAP servers you want to target, their query order, and which
servers (if any) act as Directory Service Agents for profile information
the version of LDAP you want to use
the search base for queries, the search timeout, and other search options
the method for securing communication with the domain (SSL/TLS or
none)
the maximum time that the LDAP client attempts to bind to the
domain
Note: If you configure the profile to retrieve profile information
from a DSA, you do not need to continue with steps 23.
Chapter 9: Hummingbird Directory Services
207
To specify an LDAP domain and bind method:
For more information, see
Opening the Properties
Dialog Boxes on
page 199.
1 Open the LDAP Proper ties dialog box. The General page is selected by
default.
2 In the LDAP Profile Name box, type the profile name for the domain
(Directory Services Explorer only).
3 Specify the server(s) in the domain that you want to target. For each
server, do the following:
a) On the General page, click Add.
Click the Default button to
enter the default port
numbers.
b) In the LDAP Server Configuration dialog box, specify the name of the
server and the port numbers for the LDAP service and the secure
LDAP service (using SSL/TLS). By default, the LDAP service listens
for requests on port 389; the SSL/TLS service uses port 636.
A port number identifies a particular service on the server. Client
requests to a server typically include a port number to identify
which service should process the request.
NFS Maestro Client Users Guide
208
c) To register the server as a Directory Service Agent for profile
information, select This Server Stores Client Profiles.
To change the properties
for a server, select it from
the list and then click
Properties.
d) Click OK. The LDAP Server Configuration dialog box closes and the
name of the server you have added appears in the LDAP Servers area
on the General page.
4 If you have added more than one server to the list, use the Up and Down
buttons to change the position of selected servers in the list. The
top-to-bottom order of servers in the list is their query order.
5 Do one of the following:
This option is available
only if you have registered
at least one server as a
profile server.
To use the profile stored in the domain, select Use Profile from Profile
Server(s), and then click OK. The profile is retrieved from the first
available DSA in the server list. Proceed to step 10.
To create your own profile, or customize a loaded profile, proceed
to the next step.
For more information on
certificates, see Securing
LDAP with SSL/TLS on
page 211.
6 To bind to the domain securely using the SSL/TLS protocol, select Use
SSL Connection. Only LDAP version 3 supports SSL/TLS. To use
SSL/TLS, you must first install a CA certificate.
For more information on
LDAP search bases, see
Hummingbird Directory
Services Help.
7 In the Search Base box, type the search base for the directory
information tree (for example, dc=abcxyz,dc=com). The search base and
search options you specify apply to all servers listed in the LDAP Servers
area.
Note: If you have registered one or more servers as DSAs for
profile information, you can view the stored profile by clicking
Load Profile. The information for your profile, such as the
authentication method and domain schema, appears in the LDAP
Properties dialog box when you click the button. To clear the
loaded profile, click Cancel.
Chapter 9: Hummingbird Directory Services
209
8 Click Advanced. In the LDAP Advanced Options dialog box, open the
Other page and then select the version of the LDAP protocol you want to
use. If you use SSL/TLS authentication, you must use version 3. Most
LDAP servers running version 3 also support version 2.
If you are not using SSL/TLS authentication and the server supports
version 2 only, all LDAP queries made by you use the version 2 protocol
(even if you specify version 3).
9 To specify additional search and bind options, open the Search page.
For more information, see page 213.
10 In the LDAP Advanced Options dialog box, do one of the following:
Click OK to complete the profile.
Use the Security and Schema pages to define the authentication
method and schema for the profile.
Retrieving Profiles from Directory Service Agents
In LDAP, a Directory Service Agent (DSA) is a server that stores the
directory information tree, in part or whole, for a given domain. LDAP
clients, also known as Directory User Agents (DUAs) contact DSAs using
LDAP to retrieve or modify domain information.
For more information about
configuration profiles, see
the Internet Draft A
Configuration Schema for
LDAP Based Directory
User Agents.
Because different implementations of LDAP use different schemas, some
LDAP domains store information about how the domain is configured.
DUAs can retrieve this information to configure themselves to reflect the
schema adopted by the domain. The configuration information includes
the following attributes:
Attribute Description
attributeMap Specifies a mapping between an attribute defined by
the client (the DUA) and an attribute defined in an
alternative schema. This attribute lets you customize
your profile to reflect the schema used by the domain.
authenticationMethod Specifies the default authentication method (None,
Simple, or SASL/GSSAPI) for binding to the domain.
bindTimeLimit Specifies the maximum time in seconds that the client
spends attempting to bind to the domain.
NFS Maestro Client Users Guide
210
To retrieve configuration information for your profile:
1 When you specify the servers for the domain, ensure that you identify
which ones are DSAs for profile information: in the LDAP Server
Configuration dialog box, select This Server Stores Client Profiles for each
DSA.
2 On the General page of the LDAP Proper ties dialog box, select Use Profile
from Profile Server(s). This option effectively makes your profile a DUA
for profile information.
3 Click OK. Hummingbird Directory Services and Directory Services
Explorer automatically update the profile with the configuration
information from the first available DSA you specified.
credentialLevel Specifies the type of credentials (Anonymous, Self,
Proxy) the client uses for Simple authentication.
defaultSearchBase Specifies the search base DN for the profile.
defaultServerList Specifies the list of servers that support the domain.
defaultSearchScope Specifies the search scope (Base, Subtree, or One) for
LDAP queries.
followReferrals Specifies whether LDAP queries follow referrals to
other servers.
preferredServerList Specifies the list of preferred servers for LDAP queries.
profileTTL Specifies the expiration time (Time To Live) of the
profile in seconds.
searchTimeLimit Specifies the maximum query time (in seconds) for
LDAP queries.
Note: If you have set your profile as a DUA, Hummingbird Directory
Services and Directory Services Explorer automatically refresh the
profile whenever you try to bind to the domain after the expiration
time defined by the profileTTL attribute.
Attribute Description
Chapter 9: Hummingbird Directory Services
211
Securing LDAP with SSL/TLS
The Transport Layer
Security (TLS) protocol is
an extension of SSL.
The Secure Socket Layer (SSL) protocol was developed by Netscape to
secure communication over the Internet. The protocol provides a secure
channel for client-server communication. The basis of SSL authentication is
a digital certificate which one party sends to another to prove its identity.
The certificate is issued by a third party, the Certificate Authority (CA), that
both parties trust. LDAP version 3 supports SSL security.
Hummingbird Directory Services and Directory Services Explorer use
server-side certificates, which authenticate an LDAP server to your
machine. To use the server-side certificate from a given LDAP server, you
must first retrieve a CA certificate from the root Certificate Authority used
by the server. The CA certificate lets Hummingbird Connectivity
applications (including Directory Services Explorer) authenticate the
certificate sent from the LDAP server.
Contact your LDAP administrator for information about the applicable
Certificate Authority. You can use most web browsers to download a CA
certificate and save it on your machine.
Once you have retrieved the CA certificate, you need to install it using a
version of Microsoft Internet Explorer that supports SSL/TLS. If you are
using Internet Explorer to retrieve a certificate, you can install it directly
during the download process.
SSL Requirements for Microsoft Active Directory
If you bind to a Microsoft Active Directory LDAP domain that is different
from your Windows 2000 domain, you can change or synchronize your
password in that domain only if you are using 128-bit SSL authentication.
In this case, the LDAP server must have a server certificate for a 128-bit RSA
connection and must support high (128-bit) encryption.
Note: Before you can install an SSL certificate using Internet
Explorer, you may need to update your Windows system. For
more information, see article Q286158 in the Microsoft Product
Support Services web site:
http://support.microsoft.com
NFS Maestro Client Users Guide
212
If you are installing Internet
Explorer 5.5 on a Windows
2000 machine, you must
also install the Windows
2000 High Encryption Pack
to change the encryption
level for the machine.
In addition to the requirements for the server, the version of Internet
Explorer that you use to install the CA certificate must support 128-bit
encryption. Internet Explorer versions 5.5 and higher automatically support
128-bit encryption. If you are not using one of these versions, you must
either install a version that does support high encryption or upgrade your
current version with the Microsoft Internet Explorer High Encryption Pack.
You can find more information about Microsofts encryption packs at the
following site:
http://www.microsoft.com/windows/ie/downloads/recommended/128bit
Installing CA Certificates
After you have installed the certificate correctly, it appears in the Trusted
Root Cer tification Authorities page of the Cer tificate Manager dialog box.
To install a CA certificate at download time (Internet Explorer only):
1 In the File Download dialog box, select Open This File From Its Current
Location. Click OK. The Cer tificate dialog box opens.
2 On the General page, click Install Cer tificate. The Certificate Manager
Import Wizard opens.
3 Follow the instructions in the wizard to install the certificate on your
machine.
To install a CA certificate saved to disk:
1 Open Internet Explorer.
2 On the Tools menu, click Internet Options. The Internet Options dialog box
opens.
3 Select the Content tab; then, click Cer tificates. The Cer tificate Manager
dialog box opens.
4 Click Impor t. The Certificate Manager Import Wizard opens.
5 Follow the instructions in the wizard to install the certificate on your
machine.
Chapter 9: Hummingbird Directory Services
213
Setting LDAP Search and Bind Options
The LDAP Advanced Options dialog box or the LDAP Name Mapping Advanced
Options dialog box lets you set the following options as appropriate:
Search Page
Search Timeout
(Seconds)
Specifies the maximum query time for LDAP queries. If
the service does not return any query results within the
specified time, the query is aborted.
Bind Timeout (Seconds) Specifies the maximum time in seconds that the LDAP
client spends attempting to bind to the LDAP domain.
Maximum Number of
Matches to Return
Specifies the maximum number of entries that an
LDAP query returns. Type the number of matches into
the box. Type zero (0) to specify no limit.
Follow Referrals Indicates that LDAP queries follow referrals to other
servers. In LDAP, information can be distributed across
multiple servers. Objects on one server may act as
referrals to objects on another server. The target of the
referral stores the actual information of the object. By
following the referral, the query can retrieve the object
information regardless of the network location of the
object, but the query may take longer to process.
Search Scope: Base Indicates that LDAP queries begin at the search base
for your profile and extend throughout the directory
information tree until a match is found or the tree is
exhausted. The search base is specified on the
General page of the LDAP Properties dialog box.
Search Scope: Subtree Indicates that LDAP queries begin at the relevant
subtree (container) in the directory information tree
and extend throughout the subtree until a match is
found or the subtree is exhausted.
Search Scope: One Indicates that LDAP queries begin at the relevant
subtree in the directory information tree but do not
extend beyond this container. (In other words, LDAP
queries search a single level of the tree.)
NFS Maestro Client Users Guide
214
Specifying Authentication Methods for LDAP Profiles
The second step in setting up an LDAP profile is to specify the
authentication method you want to use to bind to the domain and, if
necessary, your authentication credentials (user name and password). The
credentials you supply verify you as a legitimate client of the domain.
Hummingbird Directory Services and Directory Services Explorer support
the following options for LDAP authentication:
None Indicates that you are not sending any credentials to the server for
authentication. This option effectively binds you to the server as an
anonymous user. Anonymous users may not have access to all objects in the
domain. By default, Microsoft Active Directory does not support
anonymous user access to its containers.
Simple Sends your credentials to the server as is, with no encryption. You
can send credentials for one or more of the following users:
The Anonymous user.
Yourself (using your own credentials). If you are binding to LDAP to
retrieve NFS credentials for NFS Maestro Client, Hummingbird
Directory Services uses one of the following credentials (in order of
precedence):
a) the credentials you explicitly supply for the connection, or, if you
do not specify any credentials,
b) the registered credentials (defined by the Administrator, or, if there
are no Administrator-registered credentials, the credentials you
have registered), or, if there are no registered credentials,
c) your Windows user account credentials
In all other cases, your Windows user account credentials are used.
Other Page
LDAP Version Specifies the version of LDAP for the profile. From the
list, select the version of LDAP you want to use.
When specifying the LDAP version for an LDAP name
mapping server, you must select LDAPv3.
Chapter 9: Hummingbird Directory Services
215
A proxy user (using a given user DN and password).
For more information on
SASL/GSSAPI, see
page 217.
SASL/GSSAPI Indicates that you are using the Simple Authentication and
Security Layer (SASL) protocol and the GSSAPI authentication mechanism
to authenticate yourself to the server. SASL/GSSAPI authentication is
supported only for Active Directory domains. When you use this method to
authenticate to an Active Directory domain, all LDAP transactions between
you and the server are secured.
To specify an authentication method:
1 In the LDAP Proper ties dialog box, open the Security page.
Warning! If you are not also using SSL/TLS authentication to
secure the communication between you and the server, your
credentials may be visible to any third party on the network. If you
choose to use SSL/TLS, you must first retrieve a CA certificate
from the same Certificate Authority that is used by the LDAP
server. For more information, see Securing LDAP with SSL/TLS
on page 211.
NFS Maestro Client Users Guide
216
2 From the Method list, select the authentication method you want to use
to bind to the domain.
3 If you are using Simple authentication, do the following:
a) In the Credential Level Order area, select the check box for one or
more of the credentials that you want to use (Anonymous, Self,
Proxy).
If you want to use Proxy credentials, select Proxy, and in the Proxy
Credentials area, specify the user DN and password for the proxy
user.
b) To specify the order in which credentials are sent for
authentication, select each credential and then click Up or Down to
move the credential up or down the list. Repeat as necessary. The
top-to-bottom order of credentials in the list corresponds to the
order in which they are used for authentication.
The profile binds to the domain with the first successfully
authenticated credential.
For more information on
password verification
methods, see page 218.
4 Specify a method for verifying your password:
To verify passwords by comparing the encrypted version of your
password in the LDAP domain against a one-way hash of your
specified password, select Compare Crypted Values.
A hash function transforms a string of data into a number. The
function is designed so that no two strings produce the same hash
value. A one-way hash is an irreversible transformation: from the
hash value, it is impossible to derive the original string.
To verify passwords by initiating a bind operation, select Performing
Bind Operation.
Note: If the LDAP domain does not use default containers and
attributes for user information, you must customize the profile to
reflect the domain schema. For more information, see Defining
Custom Schemas on page 219.
Chapter 9: Hummingbird Directory Services
217
5 In the LDAP Advanced Options dialog box, do one of the following:
Click OK to complete the profile.
Use the Schema page to specify the schema for the profile.
SASL Authentication
For more information on
SASL, see RFC 2222.
The Simple Authentication and Security Layer (SASL) protocol provides a
means for securing client-server communications. The protocol consists of
an exchange between the client and the server in which the server sends a
series of challenges and the client returns a series of responses to prove its
identity. The protocol effectively adds a security layer to the existing
communications protocol in operation between the client and server.
For more information on
GSSAPI, see RFC 2078.
SASL supports several mechanisms that govern the exchange between the
client and server. Hummingbird Directory Services and Directory Services
Explorer support SASL using the GSSAPI mechanism. The Generic Security
Service Application Program Interface (GSSAPI) provides a generic
interface for other protocols requiring a security service. GSSAPI hides the
implementation details of the security service from its users.
To use SASL authentication, you must meet the following requirements:
your machine must be a part of the Active Directory LDAP domain
your Windows user account must be the same as your account in the
Active Directory LDAP domain
you must log onto your machine using your user account
When you use SASL for authentication to an Active Directory LDAP
domain, Hummingbird Directory Services and Directory Services Explorer
automatically use the credentials for your Windows account. You do not
need to specify additional credentials.
NFS Maestro Client Users Guide
218
Password Verification Methods
When you use LDAP as your directory service, you can specify a password
verification method. The method applies whenever you attempt to do the
following:
Change your password in an LDAP domain. In this case, Directory
Services Explorer verifies your password before changing the password.
Connect to an NFS resource using NFS Maestro Client. In this case,
Hummingbird Directory Services verifies your password before the
client can connect.
You can select one of the following verification methods:
Specifying Schemas for LDAP Profiles
The third step in setting up an LDAP profile is to specify the schema used by
the LDAP domain. Hummingbird Directory Services and Directory
Services Explorer automatically support domains that adhere to one of the
following schemas:
RFC 2307
RFC2307AIX
Active Directory with AD4UNIX/VAS extensions
For information on specifying schemas for LDAP name mapping servers,
see Extending the Active Directory Schema for Name Mapping on
page 239.
Method Description
Compare Crypted Values Performs a one-way hash of the supplied password
and compares it with the encrypted password stored
in your user account object in the LDAP domain. This
verification method is similar to authentication using
PAM_UNIX.
Perform Bind Operation Attempts to bind to the LDAP domain using the
supplied password. If the bind operation succeeds,
then the supplied password is verified. This
verification method is similar to authentication using
PAM_LDAP.
Chapter 9: Hummingbird Directory Services
219
To specify a supported schema for your profile:
1 In the LDAP Proper ties dialog box, open the Schema page.
2 From the Type list, select the schema. Click OK to apply your selection.
Defining Custom Schemas
For more information on
these components, see
Hummingbird Directory
Services Help.
If the domain you want to bind to uses a nonstandard LDAP schema, you
can customize the following components of your profile to reflect the
schema:
Class Names for Common Objects The classes that represent the User,
Group, Policy, Automount, Host, Network, and RPC objects in the domain.
Each class specifies the name and type of the attributes that make up the
object. For example, in the RFC 2307 schema, the User object is defined by
the posixAccount class. A nonstandard schema may use different classes to
define these objects.
DNs for Common Objects The locations for the objects in the directory
information tree. Each object is an LDAP container. The distinguished
name (DN) of the container specifies its position in the tree. For example,
the following DN specifies the location of the people container in a domain
called abcd.com:
ou=people,dc=abcd,dc=com
The people container is the User object in the RFC 2307 schema. A
nonstandard schema may locate the object in a different position and under
a different container name in the tree.
User Attribute Names The names of attributes in the User container.
Each entry in this container stores the account information for one user. If
you need to supply authentication credentials when you bind to an LDAP
domain, ensure that your profile defines the correct attribute names for the
User container.
For information on schema
extensions for name
mapping, see Extending
the Active Directory
Schema for Name
Mapping on page 239.
Contact your LDAP administrator to determine what customizations are
required to configure your profile for the domain. The customizations you
make can affect other Hummingbird Connectivity applications. For
example, LDAP domains store automount information according to a
NFS Maestro Client Users Guide
220
specific set of attributes. If you want to use the Directory Service
Automounts container of the network component in NFS Maestro Client,
you must specify which classes define the automount information for the
LDAP domain you are using.
To customize your profile for a nonstandard schema:
1 In the LDAP Proper ties dialog box, open the Schema page.
2 If the nonstandard schema is similar to a supported schema, select the
supported schema from the Type list. The page updates with the correct
settings for the selected schema.
3 From the Type list, select Manual.
For more information on
the listed objects, see
Hummingbird Directory
Services Help.
4 For each object listed in the Account Object Definitions and Network
Object Definitions areas, select the correct class that defines the object in
the schema. Some objects are defined by more than one class.
Chapter 9: Hummingbird Directory Services
221
5 Click Advanced.
6 On the Distinguished Names page of the LDAP Advanced Schema dialog
box, specify the directory information tree location of each of the listed
objects. The location of the object in the tree is the same as the
distinguished name (DN) of the container. For each container, you can
either select from a set of common DNs or type a specific DN.
7 Open the Attributes page. For any attribute in the User object that has a
nonstandard name, select the name from the list of common names or
type the name directly.
8 Click OK to close the LDAP Advanced Schema dialog box. In the LDAP
Proper ties dialog box, click OK to complete the profile.
Exploring Directory Services
The following sections describe the tasks you can perform using Directory
Services Explorer.
Querying Directory Service Objects
For more information on
directory service objects,
see Directory Services
Explorer Help.
When you run a query, you can retrieve the contents of an entire object (for
example, a NIS map, NIS+ table, or LDAP directory) or just the particular
entry that matches a certain key value.
Note: If you want to save the results of your query to a file, you
must configure the file output settings of Directory Services
Explorer prior to running the query. For more information, see
Saving Query Results on page 223.
NFS Maestro Client Users Guide
222
To retrieve the entire contents of an object:
1 From the drop-down list box of Directory Services Explorer, select the
service you want to query. The left pane displays the profiles you have
created for that service.
2 Click the plus sign to the left of an object to display the objects it
contains.
3 Repeat step 2 until you find the object you want to query.
4 Click the object. The right pane displays the contents of the object.
To retrieve a specific entry from a selected object:
1 Open the Select Entries dialog box using one of the following methods:
Right-click the selected object; on the pop-up menu that appears,
click Select Table Entries.
Click the Select Table Entries button on the toolbar.
On the Object menu, click Select Table Entries.
The Select Entries dialog box opens.
2 In the Column Restrictions area, type the desired key value or values into
the Value column.
For example, if you have selected the hosts.byname map and you want
to retrieve the IP address for the host called jane01, you would type
jane01 into the Value column. (The hosts.byname map uses host names
as its key.)
3 Click OK. Directory Services Explorer forwards your query to the
domain server and displays the results (including any error messages).
Note: Queries based on key values are case sensitive. The key
value you supply must be an exact match for the corresponding
value in the object. You cannot specify a key value using pattern
matching expressions.
Chapter 9: Hummingbird Directory Services
223
Sorting Query Results
You can sort the results of a query returned by Directory Services Explorer,
either in ascending or descending order, using any column as the sort key.
When you run a query, the results appear in tabular form in the right pane
of Directory Services Explorer. The format of the table depends on the
service.
NIS/NIS+ Each row in the table corresponds to an entry in the queried
object. Each column corresponds to an attribute of the object.
LDAP Each row in the table corresponds to an attribute of the queried
object. All attributes of the queried object appear in the first column.
To sort the results of a successful query:
Click the title bar at the top of the column you want to use as your sort key.
The first time you click a given title bar, the values in the column sort in
ascending order from the top of column to the bottom. The second time
you click the title bar, the values sort in the reverse order. Thereafter,
successive clicks alternate the sort order. To return the results to their
original, unsorted order, re-run the query.
Saving Query Results
You can configure Directory Services Explorer to save your query results to
a text file. You can then use this file to copy and paste directory service data
into other applications. There are two output methods for building the file:
AppendAdds successive query results to the end of the file; does not
overwrite existing results in the file.
ReplaceOverwrites existing results with the current query results.
You must specify the name of the file and the output method before you can
save any queries.
NFS Maestro Client Users Guide
224
To specify an output file:
1 On the File menu of Directory Services Explorer, select Settings. The
Directory Services Explorer Settings dialog box opens.
2 In the Output File area, select Output to File.
3 In the File Name box, type the name of the output file. You must supply
an absolute path name for the file, including the drive letter (for
example, c:\temp\results.txt). You must have permission to write to
the specified path.
4 Do one of the following:
To append query results to the output file, select Append.
To overwrite the existing output file with the current query results,
select Replace.
5 Click OK. The Directory Services Explorer Settings dialog box closes. The
specified file stores the results from any subsequent queries.
Viewing Object Properties
Directory Services Explorer lets you view the contents of directory service
objects as well as the properties of those objects. Depending upon the
service and the type of object, the properties you can examine include the
following:
the name of the object
the server that stores the object
the access rights for the object, specified as a permission string
Chapter 9: Hummingbird Directory Services
225
To view the properties of an object:
1 In the left pane of Directory Services Explorer, select the object.
2 Display the properties for the object using one of the following
methods:
Right-click the object; on the pop-up menu that appears, click
Proper ties.
On the Object menu, click Proper ties.
Click the Proper ties button on the toolbar.
The properties of the object appear in a Proper ties dialog box named
after the object.
Modifying Profiles
Once you have created a profile, you can modify its properties at any time.
You can also delete a profile.
To modify a profile in Directory Services Explorer:
1 On the File menu, click Settings. The Directory Services Explorer Settings
dialog box opens.
2 From the Directory Service list, select the service whose profile you want
to change. The Profile box lists the profiles you have created for the
selected service.
3 In the Profile box, select the profile you want to modify. Click Proper ties.
The Proper ties box for the selected service opens.
4 In the Proper ties dialog box, modify the domain information for the
selected service. Click OK. The Proper ties dialog box closes.
5 In the Directory Services Explorer Settings dialog box, click OK. The
dialog box closes. The specified profile updates according to your
modifications.
NFS Maestro Client Users Guide
226
To delete a profile in Directory Services Explorer:
1 Follow steps 12 in the previous procedure.
2 In the Profile box, select the profile you want to delete. Click Remove,
and then click OK. The Directory Services Explorer Settings dialog box
closes.
Changing Domain Passwords
Using Directory Services Explorer, you can change your password for a
selected service and domain. Specifically, you can change the entries for
your account in the passwd.byname and passwd.byuid NIS maps, the passwd
NIS+ table, and the LDAP entry for your user name. If you change your
password in a NIS+ domain, Directory Services Explorer changes your
Secure RPC password to the new value as well.
To change your password, you must meet the following requirements:
You must have an account on the server or network on which a service
runs in order to update password objects.
If you are changing your password in an LDAP domain, you must
change it for each of your profiles that bind to that domain.
If you bind to a Microsoft Active Directory LDAP domain, you can
change your password only if you are using 128-bit SSL/TLS
authentication. For more information, see SSL Requirements for
Microsoft Active Directory on page 211.
To update your password information for a given domain:
1 Open Directory Services Explorer.
2 On the File menu of Directory Services Explorer, select Change User
Password. The Change User Password dialog box opens.
3 From the Directory Service list, select the service that controls the
domain. The Profile Name box lists the profiles you have created for the
selected service.
Warning! If you bind to an Active Directory LDAP domain that is
the same as your Windows 2000+ domain, you will change your
Windows password when you change your LDAP password.
Chapter 9: Hummingbird Directory Services
227
4 In the Profile Name box, select the profile that specifies the domain.
Click Change Password. The Change Password dialog box opens.
5 In the User Name box, type your user name.
6 In the Old Password box, type your old password for the domain.
7 In the New Password and Confirm New Password boxes, type your new
password.
8 Click OK. If you are updating your password in a NIS+ domain and
your domain password is not the same as your Secure RPC password,
you must enter your Secure RPC password in the Secure RPC Password
box; then, click OK again. The Change Password dialog box closes.
9 In the Change User Password dialog box, click Done. The dialog box
closes. Directory Services Explorer updates your password (and Secure
RPC password, if applicable) for the specified domain.

Specifying Default Servers for hclnfsd/pcnfsd Authentication
If you have installed NFS Maestro Client on your system, you can use
Hummingbird Directory Services to configure default servers for
hclnfsd/pcnfsd authentication.
For more information on
authentication daemons,
see NFS Client Help.
The pcnfsd daemon comes with most UNIX systems. The hclnfsd daemon
is a Hummingbird product that the NFS system administrator must
compile and run. Both daemons authenticate NFS clients using the
AUTH_SYS protocol.
Note: The new information may take several minutes to propagate
across supplementary servers in the domain.
If you have selected a replica server as the first server in the NIS+
query order, the new password information must first pass up to
the master server before propagating across the other replica
servers.
NFS Maestro Client Users Guide
228
By default, when you try to connect to an exported NFS resource, NFS
Maestro Client requests authentication from the daemons on the NFS
server that exports the resource. If the daemons are not available or not
running on the server, NFS Maestro Client requests authentication from the
authentication server you have configured with Hummingbird Directory
Services. You can change the order in which NFS Maestro Client queries
these authentication agents.
To specify default AUTH_SYS authentication agents:
1 In the Hummingbird Directory Services Proper ties dialog box, select
HCLNFSD/PCNFSD With DNS from the Directory Service list box.
2 If there is a DHCP server on your network and you want to use it to
retrieve the name of an authentication server, do the following:
a) Click DHCP. Hummingbird Directory Services queries the DHCP
server to retrieve the server name and then presents the result in the
HCLNFSD/PCNFSD Proper ties dialog box.
b) If the retrieved server name is correct, click OK. Otherwise, click
Cancel.
3 Click Proper ties. The HCLNFSD/PCSNFSD Proper ties dialog box opens.
Chapter 9: Hummingbird Directory Services
229
4 If you did not do step 2, or if you want to specify a different default
authentication server, type its name into the Server Name box.
Alternatively, you can browse the network to select a server:
a) Click the ellipsis button (). The Find HCLNFSD/PCNFSD Server
dialog box opens.
b) Click Find Now. Hummingbird Directory Services scans the network
to retrieve the names of servers running either or both of the
authentication daemons (pcnfsd, hclnfsd).
c) From the list of servers, select the server you want to use for
authentication; then, click OK.
In the HCLNFSD/PCSNFSD Proper ties dialog box, the Resolution Order
area lists the order, from top to bottom, of the authentication agents
that NFS Maestro Client contacts. NFS Maestro Client seeks
authentication with the first available agent from the list.
5 If you want to change the position of an agent in the list, select the agent
and use the Up or Down buttons to move it up or down the list.
6 Click OK to apply the configuration.
Configuring Directory Services
The following sections describe how you can configure directory services
for Hummingbird Connectivity applications.
Selecting Services
After you have established a user or system profile using Hummingbird
Directory Services, you can select any service that has a domain specified in
that profile. Any queries made by Hummingbird Connectivity applications
target the domain for the selected service.
NFS Maestro Client Users Guide
230
To select a service:
1 Open the Hummingbird Directory Services Proper ties dialog box.
2 In the Directory Services Settings area, select the profile type you want to
use (User Settings or System Settings).
3 From the Directory Service list, select the service you want to use. To
specify no service, do one of the following:
For more information, see
Specifying Default
Servers for hclnfsd/pcnfsd
Authentication on
page 227.
If you have installed NFS Maestro Client on your system, select
HCLNFSD/PCNFSD with DNS. NFS Maestro Client uses the
authentication agent you have specified in the HCLNFSD/PCSNFSD
Proper ties dialog box to retrieve AUTH_SYS credentials.
If you have not installed NFS Maestro Client on your system, select
DNS.
4 Click OK. The Hummingbird Directory Services Proper ties dialog box
closes.
Modifying Profiles
Once you have created a user or system profile, you can modify its
properties at any time. You can also remove the bind information for a
particular service.
For information on modifying and removing name mapping profiles, see
Creating and Modifying Name Mapping Profiles on page 243.
Note: You do not need to select HCLNFSD/PCNFSD with DNS to
use hclnfsd/pcnfsd for authentication: select any directory service
(NIS/NIS+/LDAP) from the Directory Service list; then, in the
Authentication area, select HCLNFSD/PCNFSD Only For
AUTH_SYS Authentication. In this case, NFS Maestro Client uses
the authentication agent you have specified in the
HCLNFSD/PCSNFSD Properties dialog box, regardless of the
currently selected directory service.
Note: You must be the administrator for the machine to modify the
system profile or remove a service from it.
Chapter 9: Hummingbird Directory Services
231
To modify a profile:
1 Open the Hummingbird Directory Services Proper ties dialog box.
2 In the Directory Services Settings area, select the profile you want to
change (User Settings or System Settings).
3 From the Directory Service list, select the directory service whose
domain information you want to change.
4 Click Proper ties. The Proper ties dialog box for the selected service
opens.
5 In the Proper ties dialog box, modify the domain information for the
selected service as necessary. Click OK. The Proper ties dialog box closes.
6 In the Hummingbird Directory Services Proper ties dialog box, click OK.
The dialog box closes. The specified profile updates according to your
modifications.
To remove a directory service from a profile:
1 Follow steps 13 in the previous procedure.
2 Do one of the following:
To remove the all directory services from the selected profile, click
Reset. A message appears confirming the deletion. Click Yes.
To remove a particular directory service from the selected profile,
click Proper ties. In the Hummingbird Directory Services Proper ties
dialog box that opens, from the Directory Service list, select a service
that has a domain specified for it, and click Remove. Click OK to
close the Hummingbird Directory Services Proper ties dialog box. The
specified service is automatically removed from the profile.
NFS Maestro Client Users Guide
232
Disabling User Profiles
The administrator for the machine can disable all existing user profiles (and
prevent new ones from being created). In this case, all users must bind to
directory service domains using the system profile.
To disable user profiles:
1 In the Hummingbird Directory Services Proper ties dialog box, select the
Disable User Settings for All Users check box.
2 Click OK. The Hummingbird Directory Services Proper ties dialog box
closes. Users can no longer create or bind to domains using a user
profile.
Specifying Host Lookup Services
Hummingbird Directory Services lets you specify the target service for host
name queries. Hummingbird Connectivity applications that need to resolve
an IP address into a host name (or vice versa) send their queries to the
selected target.
To specify a target for host name queries:
1 Open the Hummingbird Directory Services Proper ties dialog box.
2 In the Directory Services Settings area, select the profile you want to use
(User Settings or System Settings). If you want to target a directory
service, select it from the Directory Service list. (The domain for this
service must be specified in the selected profile.)
Note: If user profiles have been disabled, you can run keylogin to
bind to NIS+ using your user NIS+ credentials. For more
information, see Running Keylogin on page 234.
Note: Exceed users cannot use Hummingbird Directory Services
to specify a host lookup service.
Chapter 9: Hummingbird Directory Services
233
3 In the Host Name Lookup Using area, do one of the following:
To send queries only to the Domain Name Service (DNS), select
DNS.
To send queries only to the service selected in the Directory Service
list, select Directory Services.
To send queries to both services, select Directory Services and DNS.
If you select this option, you can also specify a query order by
selecting the Check DNS First check box.
4 Click OK to apply your settings.
Synchronizing Passwords
You can use Hummingbird Directory Services to automatically synchronize
your password for a given domain with your Windows password. The
domain is specified in the currently selected profile for the currently
selected directory service. Anytime you change your Windows password,
your password in the specified domain changes to the same value.
If you bind to a Microsoft Active Directory LDAP domain, you can
synchronize your password only if the following conditions are true:
For more information, see
SSL Requirements for
Microsoft Active Directory
on page 211.
You are using 128-bit SSL/TLS authentication.
The LDAP domain is not the same as your Windows 2000 domain. If it
is, your LDAP password automatically updates whenever you change
your Windows password.

To synchronize your passwords:
1 In the Hummingbird Directory Services Proper ties dialog box, select the
Synchronize Windows Network Password check box.
2 Click OK.
Note: Users of NFS Maestro Server and Exceed cannot use
Hummingbird Directory Services to synchronize passwords.
NFS Maestro Client Users Guide
234
Running Keylogin
You can run the keylogin function to bind to NIS+ using specific user
credentials. You need to do so only if you are using the system profile for
NIS+ and you want to perform a task that requires user credentials.
To run keylogin:
1 Open the NIS+ Proper ties dialog box. Click Keylogin. The NIS+ Keylogin
dialog box opens.
2 Type your user name for the NIS+ domain into the User Name box.
3 Type your Secure RPC password into the Secure RPC Password box.
4 Click OK. The NIS+ Keylogin dialog box closes. Hummingbird Directory
Services uses the specified name and password to generate your DES
credentials.
You can also run keylogin using the keylogin command line application.
For more information, see Hummingbird Directory Services Help.
Specifying Name Mapping Servers
For more information on
mapping names, see NFS
Maestro Name Mapping
Server Configuration Help.
NFS Maestro Name Mapping Server Configuration lets you map user and
group names from Windows domains to their corresponding values in an
NFS domain, such as UNIX user identification (UID) and group
identification (GID) values. Name mappings are used by Hummingbird
Connectivity applications, and can be stored on two types of name mapping
servers: Hummingbird and LDAP.
Chapter 9: Hummingbird Directory Services
235
Hummingbird Name Mapping Servers
For information on setting
this pre-set time interval
(synchronization time), see
NFS Maestro Name
Mapping Server
Configuration Help.
Hummingbird name mapping servers stores name mappings locally in a
name mapping database in the Windows registry. The NFS Maestro Name
Mapping Server Configuration service retrieves NFS and Windows account
information at pre-set time intervals from their respective domains and
stores them in the name mapping database on the server. When required,
name mapping clients can then query this service to obtain Windows-to-
NFS or NFS-to-Windows mappings residing in the database.
When a user or group account becomes deactivated (removed or disabled),
the account and its mappings remain unaffected and are accessible by name
mapping clients until the next time the name mapping server is refreshed or
restarted. For this reason, name mappings residing on this type of name
mapping server may become obsolete.
If multiple name mapping servers are available on your network, you can
specify which servers you want to use. You can specify up to two servers:
applications target the primary server first, if it is available; otherwise,
applications target the secondary server.
LDAP Name Mapping Servers
Provided that an LDAPv3-compliant server is available, you can configure it
as a name mapping server on which to store name mapping information. In
this case, the name mapping server stores the mapping information using
Windows and UNIX user and group names, and without the use of UID,
GIDs, or SIDs. When required, name mapping clients can then query this
LDAP server to obtain the latest Windows-to-NFS or NFS-to-Windows
mappings and to resolve them dynamically. For information on configuring
an LDAP name mapping server, see Configuring LDAP Name Mapping
Servers and Clients on page 237.
When a user or group account is removed from its corresponding account
database, its mappings immediately become invalid in the LDAP name
mapping server. In this case, you must manually remove the invalid
mappings from the server.
NFS Maestro Client Users Guide
236
To specify name mapping servers:
1 Open the Hummingbird Directory Services Proper ties dialog box.
2 Click the Name Mapping tab.
To clear name mapping
settings for the selected
name mapping server type,
click Reset.
3 On the Name Mapping page, select Hummingbird in the Server Type box,
and select one of the following options:
HummingbirdSelect this option if you want name mapping
clients to obtain name mapping information from one or more
Hummingbird name mapping servers.
LDAPSelect this option if you want name mapping clients to
obtain name mapping information from an LDAP name mapping
server.
Chapter 9: Hummingbird Directory Services
237
4 If you want to manually specify the name of the name mapping
server(s) you want to use, click Proper ties. One of the following dialog
boxes opens:
If the selected server type is Hummingbird, the Hummingbird Name
Mapping Servers dialog box that opens. In the dialog box, type the
name of the primary server in the Primary box. If you want to
specify a secondary server, type its name in the Secondary box. You
can specify a secondary server only if you have specified a primary
server. Click OK to close the dialog box.
If the selected server type is LDAP, the LDAP Name Mapping Server
Proper ties dialog box opens, which lets you create a name mapping
profile. In the dialog box, make the necessary changes, and click OK
to close the dialog box. For more information on creating name
mapping profiles, see Creating and Modifying Name Mapping
Profiles on page 243.
5 If there is a DHCP server on your network, and you want to use it to
retrieve the names of available Hummingbird or LDAP name mapping
servers, make sure that the appropriate server type is selected, and click
DHCP. Hummingbird Directory Services queries the DHCP server to
retrieve the server names. Results are then presented in the Hummingbird
Name Mapping Servers dialog box or the LDAP Name Mapping Server
Proper ties dialog box, as appropriate. Click OK to close the dialog box.
6 Click OK.
Configuring LDAP Name Mapping Servers and Clients
For more information on
Hummingbird and LDAP
name mapping servers,
see Specifying Name
Mapping Servers on
page 234.
By default, Windows-to-NFS and NFS-to-Windows name mappings are
stored locally on a machine running Hummingbird Name Mapping Server.
If Windows user and group account information resides on a Windows
2000/2003 Active Directory domain controller, you can configure name
mappings to be stored on a network-wide Active Directory by configuring
an LDAP name mapping server. You can configure your existing domain
controller or any other LDAPv3 compliant server into an LDAP name
mapping server.
NFS Maestro Client Users Guide
238
Configuring Name Mapping Servers
The basic procedure for configuring an LDAP name mapping server is as
follows:
1 Apply the appropriate name mapping schema extension to your name
mapping server by running the Hummingbird name mapping schema
extension application (NameMappingSchemaChange.exe). For more
information, see Extending the Active Directory Schema for Name
Mapping on page 239.
2 If necessary, create Windows-to-NFS or NFS-to-Windows name
mappings to be stored on the LDAP name mapping server using the
NFS Maestro Name Mapping Server console. For more information, see
NFS Maestro Name Mapping Server Configuration Help.
Note: If you are using an LDAP server other than a Windows
2000/2003 Active Directory domain controller, you must manually
extend the name mapping schema. For more information, contact
Hummingbird Technical Support.
Note: You can create name mappings to be stored on the LDAP
name mapping server using only NFS Maestro Name Mapping
Server console, and not NFS Maestro Name Mapping Server
Configuration dialog boxAll mappings created with this dialog
box are stored only on Hummingbird name mapping servers.
Chapter 9: Hummingbird Directory Services
239
Configuring Name Mapping Clients
Once you have properly set up the LDAP name mapping server, you can
then configure name mapping clients to query this server by doing the
following for each name mapping client:
For more information on
joining a domain, see your
Microsoft Windows
documentation.
1 Join your name mapping client machine to the Windows 2000/2003
Active Directory domain. This step is required in order for the name
mapping client to retrieve necessary Windows user and group
information.
2 Configure a directory service (NIS, NIS+, or LDAP) for your name
mapping client. This step is required in order for the name mapping
client to retrieve necessary UNIX user and group information. For
more information, see the Configuring Directory Services book in
this Help.
3 Configure your name mapping client to query the LDAP name
mapping server. For more information, see Specifying Name Mapping
Servers on page 234.
Extending the Active Directory Schema for Name
Mapping
For more information, see
Microsoft Active Directory
Schema and Extensions
in Hummingbird Directory
Services Help.
In order to convert an LDAPv3 compliant server or Windows 2000/2003
Active Directory domain controller into an LDAP name mapping server,
you must extend its default schema with the appropriate Hummingbird
name mapping schema extension. This extension contains the attributes
and object classes, prefixed with HumNM-, required to store name mappings.
These attributes and object classes are listed in detail on the following pages.
Once the schema is extended, the following is created on your name
mapping server:
Windows 2000cn=hummingbird, dc=domainname, dc=com (container)
Windows 2003dc=hummingbird, dc=domainname, dc=com
(application partition)
where domainname is the name of the domain to which the your domain
controller belongs. A name mapping container (either cn=NM or ou=NM,
depending on the operating system for your domain controller), is also
created in this container/partition to store mapping information.
NFS Maestro Client Users Guide
240
To extend the name mapping schema:
1 Log onto the domain controller locally as an Active Directory user with
Schema Admin privileges.
2 In the command prompt, run the Hummingbird name mapping
schema extension application (NameMappingSchemaChange.exe), stored
in the NFS Maestro installation directory, which you can specify during
product installation. The default location for this directory is as follows:
C:\Program Files\Hummingbird\Connectivity\version\
Installer Media\NFS Maestro Name Mapping\
A messages appears confirming that you want to apply the schema
extensions on your machine. Type y to continue.
If the schema extension is successful, the schema extension application
returns the search base associated with the current name mapping server. It
is recommended that you record this information, as you will require it
when creating name mapping profiles. For more information, see Creating
and Modifying Name Mapping Profiles on page 243.
Note: Before proceeding, it is recommended that you back up
your data, as all schema operations are permanent and should be
performed only by advanced administrators.
Chapter 9: Hummingbird Directory Services
241
The following is an example of the messages that appear when you run the
Hummingbird name mapping schema extension application:
C:\Temp>C:\Temp\NameMappingSchemaChange.exe
WARNING: This utility will install the schema extensions on a Windows 2000
or 2003 domain controller for use with the Hummingbird Name Mapping
applications. Extending the schema is a permanent procedure and should
only be taken by advanced administrators. Please check the appropriate
documentations before proceeding.
The following two requirements must be met:
1. Run locally on an Active Directory domain controller that is a Schema
Master
2. Run by an Active Directory User that has Schema Admin privileges
Do you want to continue (y/n)? [n]: y
humNM-Flags Attribute defined.
humNM-MapType Attribute defined.
humNM-Primary Attribute defined.
humNM-Nfsv4Domain Attribute defined.
humNM-UnixGroupName Attribute defined.
humNM-UnixUserName Attribute defined.
humNM-WindowsDomain Attribute defined.
humNM-WindowsGroupName Attribute defined.
humNM-WindowsUserName Attribute defined.
humNM-GenericName Attribute defined.
humNM-Sid Attribute defined.
humNM-GroupMap Class defined.
humNM-UserMap Class defined.
dc=Hummingbird Application Partition defined.
CN=NM,DC=Hummingbird,DC=windows,DC=com Container defined.
Search base for LDAP Name Mapping: DC=Hummingbird,DC=windows,DC=com
C:\Temp>
NFS Maestro Client Users Guide
242
Attributes
The following is a list of attributes defined for the name mapping schema:
Attribute OID Description Data Type
HumNM-Flags 1.3.6.1.4.1.5966.1.1.0 Hummingbird Name Mapping
General Purpose Flags
Integer
HumNM-GenericName 1.3.6.1.4.1.5966.1.1.1 Hummingbird Name Mapping
Generic Name
Unicode
string
HumNM-MapType 1.3.6.1.4.1.5966.1.1.2 Hummingbird Name Mapping
Type Indicator
Integer
HumNM-Nfsv4Domain 1.3.6.1.4.1.5966.1.1.3 Hummingbird Name Mapping
NFSv4 Domain
Unicode
string
HumNM-Primary 1.3.6.1.4.1.5966.1.1.4 Hummingbird Name Mapping
User/Group Primary Indicator
Boolean
HumNM-Sid 1.3.6.1.4.1.5966.1.1.5 Hummingbird Name Mapping
SID from Local Domain
Unicode
string
HumNM-UnixGroupName 1.3.6.1.4.1.5966.1.1.6 Hummingbird Name Mapping
Unix Group Name
Unicode
string
HumNM-UnixUserName 1.3.6.1.4.1.5966.1.1.7 Hummingbird Name Mapping
Unix User Name
Unicode
string
HumNM-WindowsDomain 1.3.6.1.4.1.5966.1.1.8 Hummingbird Name Mapping
Windows Domain
Unicode
string
HumNM-WindowsGroupName 1.3.6.1.4.1.5966.1.1.9 Hummingbird Name Mapping
Windows Group Name
Unicode
string
HumNM-WindowsUserName 1.3.6.1.4.1.5966.1.1.10 Hummingbird Name Mapping
Windows User Name
Unicode
string
Chapter 9: Hummingbird Directory Services
243
Object Classes
The following is a list of object classes defined for the name mapping
schema.
Creating and Modifying Name Mapping Profiles
Before you can connect to an LDAP name mapping server, you must bind to
the appropriate LDAP domain. The basic procedure for creating a name
Object Class OID Corresponding Attributes
HumNM-UserMap 1.3.6.1.4.1.5966.1.2.0 Mandatory attributes:
HumNM-MapType
HumNM-Nfsv4Domain
HumNM-Primary
HumNM-UnixUserName
HumNM-WindowsDomain
HumNM-WindowsUserName
Optional attributes:
HumNM-Flags
HumNM-GenericName
HumNM-Sid
HumNM-GroupMap 1.3.6.1.4.1.5966.1.2.1 Mandatory attributes:
HumNM-MapType
HumNM-Nfsv4Domain
HumNM-Primary
HumNM-UnixGroupName
HumNM-WindowsDomain
HumNM-WindowsGroupName
Optional attributes:
HumNM-Flags
HumNM-GenericName
HumNM-Sid
NFS Maestro Client Users Guide
244
mapping profile, similar to that for an LDAP profile, is described below.
To create or modify a name mapping profile:
1 Open the Hummingbird Directory Services Proper ties dialog box, and
click the Name Mapping tab.
2 In the Server Type list box of the Name Mapping page, select LDAP, and
click Proper ties. The LDAP Name Mapping Server Proper ties dialog box
opens. The name of the profile is automatically set to NameMapping.
Note: Before creating or modifying a name mapping profile, make
sure that you have the proper search base information for the
LDAP name mapping server to which you want to bind. This
information is automatically generated when you run the
Hummingbird name mapping schema extension application
(NameMappingSchemaChange.exe). For more information, see
Extending the Active Directory Schema for Name Mapping on
page 239.
Chapter 9: Hummingbird Directory Services
245
3 On the General page of the dialog box, do the following:
a) Specify the information that defines the LDAP domain and the
bind method you want to use.
For more information, see
Specifying LDAP
Domains and Bind
Methods on page 206.
If an LDAP directory service profile is already configured in the
General page of the Hummingbird Directory Services Proper ties dialog
box, and the specified server is a name mapping server, you can
click Copy to retrieve the settings for that LDAP profile. Otherwise,
click Add to open the LDAP Server Configuration dialog box, which
lets you specify a new LDAP name mapping server.
b) In the Search Base box, specify the appropriate search base for the
specified name mapping server. This information is provided by the
Hummingbird name mapping schema extension application. For
more information, see Extending the Active Directory Schema for
Name Mapping on page 239.
For more information, see
Specifying Authentication
Methods for LDAP
Profiles on page 214.
4 On the Security page, specify the credentials and authentication method
you want to use to bind to the LDAP domain.
NFS Maestro Client Users Guide
246
5 On the Schema page, in the Server Type list box, select the appropriate
type for your name mapping server to display the object definitions and
containers used to store mapping information on the server. For more
information on the name mapping schema displayed in this dialog box,
see Extending the Active Directory Schema for Name Mapping on
page 239.
6 Click OK to close the LDAP Name Mapping Server Proper ties dialog box.
7 Click OK to close the Hummingbird Directory Services Proper ties dialog
box.
Chapter 9: Hummingbird Directory Services
247
To remove a name mapping server from a profile:
1 Open the Hummingbird Directory Services Proper ties dialog box, and
click the Name Mapping tab.
2 In the Server Type list box of the Name Mapping page, select LDAP, and do
one of the following:
To remove all configured name mapping servers from the name
mapping profile, click Reset. A message appears confirming the
deletion. Click Yes.
To remove a particular name mapping server from the name
mapping profile, click Proper ties. In the LDAP Name Mapping Server
Proper ties dialog box that opens, select the server you want to
remove, and click Remove. Click OK to close the LDAP Name
Mapping Server Proper ties dialog box. The specified server is
automatically removed from the profile.
Specifying the NFSv4 Domain
For more information on
DNS domains and NFS
name spaces, see NFS
Maestro Name Mapping
Server Configuration Help.
In order to map NFS clients that use NFSv4, you must specify an NFSv4
domain. You can manually specify this domain or automatically obtain this
domain from DNS text resource records residing on DNS servers.
NFS Maestro Client Users Guide
248
To specify the NFSv4 domain:
1 Open the Hummingbird Directory Services Proper ties dialog box.
2 Click the NFSv4 Domain tab. The NFSv4 Domain page opens.
3 In the Use Domain list box, specify the NFSv4 domain you want to use.
By default, this box displays the DNS domain name configured for your
machine and lists the domain for the currently configured directory
service. If necessary, in the list box, type or select the appropriate NFSv4
domain for your organization.
4 Click OK.
Chapter 9: Hummingbird Directory Services
249
Running Command Line Applications
For more information on
the command line
applications, see
Hummingbird Directory
Services Help.
The Hummingbird Directory Services command line applications let you
browse and access directory service objects. By default, the applications
target the domains specified in the currently selected profile. The following
table summarizes the available applications.
Command Description
chkey Changes your private and public key pair or your Secure RPC
password in a given NIS+ domain.
keylogin Retrieves and decrypts your secret key from the NIS+ cred
table, and then stores it locally.
niscat Displays the contents of a given NIS+ table.
nisls Lists the contents of a given NIS+ domain.
nismatch Returns the entries in a given NIS+ table that match specific
key values.
nispasswd Changes or displays your password information in a given
NIS+ domain.
ypcat Displays the contents of a given NIS map.
ypmatch Returns the entries in a given NIS map that match a specific
key value.
yppasswd Changes your password information in a given NIS domain.
ypwhich Displays the name of the master server for a given NIS domain
or the NIS server for a given host.
ldappasswd Changes your password in a given LDAP domain.
Appendix A
Integrating hclnfsd
The hclnfsd Daemon 253
hclnfsd versus pcnfsd 253
Transferring and Compiling hclnfsd 253
Troubleshooting hclnfsd Compilation 255
Running hclnfsd on the Server 256
Servers File Format 258
Error Messages 259
Appendix A: Integrating hclnfsd
253
The hclnfsd Daemon
NFS servers must run an authentication daemon to authenticate NFS
clients (such as PC clients) that do not supply NFS credentials. Most NFS
servers come with pcnfsdthe standard authentication and print daemon.
hclnfsd is Hummingbirds implementation of the NFS authentication and
print daemon, specifically designed for use with NFS Maestro Client.
hclnfsd versus pcnfsd
hclnfsd provides the following additional features that are not available with
pcnfsd:
32-bit record locking support, which enhances the native lock manager
on the NFS server (UNIX lock managers generally do not support
32-bit record locking). Some Windows applications, such as Microsoft
Excel and Microsoft Word, require 32-bit locking.
Multiple group support. Under UNIX, a user can belong to multiple
user groups (that have multiple GIDs). hclnfsd returns up to 16 group
IDs (GIDs) that can be used by the PC when accessing files. Versions of
pcnfsd prior to version 2 return only the default GID for the user.
DOS-style sharing support. hclnfsd can provide DOS-style sharing,
even if the NFS server provides no locking or has a faulty lock daemon.
Transferring and Compiling hclnfsd
To use the hclnfsd daemon, you must transfer the source code to your NFS
server and compile the code before running the daemon. The source code is
included in the NFS Maestro Client package. (Pre-compiled versions of
hclnfsd are available from our FTP site, ftp.hummingbird.com.)
Note: hclnfsd requires other daemons, such as portmapper and
mountd, to be active on the server. You can verify the status of
these programs using NFS Maestro Client. For more information,
see Verifying Required RPC Daemons on page 97.
NFS Maestro Client Users Guide
254
To transfer the hclnfsd code to the NFS server:
1 Log into the NFS server.
2 Create a location where you can compile the hclnfsd source code (for
example, create a directory called Hclnfs).
3 Transfer the following files from the Utility subdirectory of the NFS
Maestro Client installation directory to the Hclnfs directory on the NFS
server. Use FTP in ASCII mode:
hclnfsd.c
hclprint.c
hcllock.c
makefile
The programs hclnfsd.c, hclprint.c and hcllock.c need to be compiled
and linked together using the makefile provided. The hclprint.c code
provides user-modifiable print filter support.
To compile hclnfsd:
1 Log into the NFS server using a Telnet program and change to the
Hclnfs directory.
2 From the list below, select the UNIX operating system that is running
on the server, and type the relevant make command.
UNIX System make Command
AT&T Sys III or V systems make sys5
Berkeley Software Design Unix make bsdi
Berkeley (BSD) derived OS make bsd
DEC OSF/1 v3.0 make osf30
DEC OSF/1 v3.2d make osf32
HPUX 8.07 and others make hpux
HPUX 10.01 and others make hp10
IBM AIX for RS/6000 or PS/2 make aix
Appendix A: Integrating hclnfsd
255
Typing make by itself gives you the current list of supported systems with
make definitions.
Troubleshooting hclnfsd Compilation
Because there are many implementations of UNIX, and different vendors
place functions in different #include files, Hummingbird is unable to
supply a Makefile that compiles correctly on all systems.
If you encounter compilation errors where an #include file is not found on
your system, comment out the corresponding #include line in the .c files
and recompile. This causes the compilation to fail again, but with the
specific functions listed as errors. Use the grep utility to search the system
header files for these specific functions, or consult your documentation to
determine the correct locations for these functions.
Linux make linux
Linux (Redhat) 6.2 and above make libc6
Santa Cruz Operation (SCO) make sco
Silicon Graphics make sgi
Solaris 2.1 make solaris21
Solaris 2.2 make solaris22
Solaris 2.3 make solaris23
Solaris 2.4 make solaris24
Solaris 2.5 make solaris25
Solaris 2.6 make solaris26
Sun or compatible running Sun OS make sun
System V Release 3 systems make sys3
System V Release 4 systems make svr4
Univel (also, UNIXWARE) make univel
Unixware v2.01 make unixware
UNIX System make Command
NFS Maestro Client Users Guide
256
Once you have determined which #include files you need and where they
are located, you can include them in the .c files and run make again. If you
still encounter problems, contact Hummingbird Technical Support.
If the implementation of UNIX on the NFS server uses the Shadow
Password database, you must edit the makefile code as follows:
1 Add the flag -DSHDW to the specific entry you are using.
2 Remove the flag -DSHADW from the specific entry you are using.
When the file finishes compiling, you can run it on the server.
Running hclnfsd on the Server
When you run the hclnfsd command on the NFS file server, the server
creates a process which provides authentication for NFS clients and also
provides file locking and file printing capabilities.
To run the hclnfsd command, you must be the root user. You can also
include the hclnfsd command at the end of the system startup file on the
server (typically rc.local) so that the daemon starts automatically.
Warning! Never stop hclnfsd with a kill -9 xxxx command on
the server. If you need to stop hclnfsd, use the kill xxxx
command, where xxxx is the hclnfsd process ID (PID).
Appendix A: Integrating hclnfsd
257
Syntax
hclnfsd [-A] [-d] [-d] [-l log] [-X] [-s servers] [staging_dir]
Options
-A Tells the daemon to serve all hosts, not just requests to this
server. This option is recommended.
-d Starts hclnfsd in debug mode, which may be required to
resolve unusual problems. Repeat this parameter for more
detailed information.
-s servers Allows the daemon to serve more than one host. The
servers file specified contains entries that indicate which
additional machines are to be served by the daemon and
which other server machines have such daemons.
-X Disables the printing option for remote users. To enable
printing, specify a name for the spool area resource
(staging_dir) and exclude this option.
-l log Produces the specified log file, log, when the daemon is
running. You can view log later for troubleshooting
purposes.
staging_dir Specifies the name of the printing spool resource that is
available for access (if the -X option is not used).
staging_dir is the working directory used by hclnfsd to
temporarily store print files from PCs prior to printing.
If you specify staging_dir, ensure the following:
staging_dir is world-writable
staging_dir is included in the /etc/exports file on the
server (so that NFS clients can connect to it)
the NFS server has host access rights to staging_dir
NFS Maestro Client Users Guide
258
Servers File Format
The servers file can contain any combination of the following lines:
+address/hostname
-address/hostname
=address/hostname
address/hostname
where:
address/hostname refers to an IP address, host name, or network
address or name which matches all IP addresses on the specified
network
+ indicates that the daemon is to service requests for the named host or
network
- indicates that the daemon is not to service requests for the named host
or network
= indicates that the daemon is to take requests for the first named host
or network and pass them on to the host which authenticates the user
Without the -A or -s options, hclnfsd authorizes access only to the machine
on which it is executing. Hosts with more than one IP address must use
either the -A option or the -s option with all of the hosts IP addresses in
the servers file.
The IP address 0.0.0.0 is a wild-card match. hclnfsd searches for the first
matching entry in the file, so if the first line of the file is
+0.0.0.0
then all lines that follow are ignored.
Example
The servers file on the host fred contains the following line:
=joe jane
The servers file on host jane contains the following line:
+joe
Appendix A: Integrating hclnfsd
259
When an NFS client on the PC george wants to connect to a filesystem on
the host joe, the following sequence takes place:
1 PC george attempts to authenticate on host joe.
2 Host joe returns a no server error.
3 PC george tries the default server fred for host joe.
4 Host fred responds with a redirect to jane.
5 PC george attempts to authenticate on host jane for joe.
6 Host jane responds to the authentication request.
Error Messages
If the following error message appears,
hclnfsd: Spool mount point directory could not be mounted.
check that the filesystem directory is available to NFS on the server by
running the exports command line application on the PC:
exports IPaddress
For example, if the IP address for your NFS server is 192.42.6.252, type the
following:
exports 192.42.6.252
This command returns the list of available filesystems:
Export list for 192.42.6.252
/ pc1 pc2
/u0 (everyone)
/usr/spool pc1 pc2 pc3
In this example, the /u0 file system is available, along with all filesystems
under it, to all users. The / and /usr/spool filesystems are available only to
the machines listed.
NFS Maestro Client Users Guide
260
If the output from the exports application indicates that the filesystem is
exported to a specific set of machines, the name of the server itself must be
included in the list of machines. In the example above, starting hclnfsd with
hclnfsd -A /usr/spool would receive the error shown above since the
server itself (192.42.6.252) is not in the list of machines authorized to
connect to the file system.
If directory is not available, make it accessible to all users or specify the
correct directory to use. Ensure that the hclnfsd spool directory is located in
a real directory and not in a directory that is a symbolic link to another
directory.
Other possible error messages from the operating system are as follows:
clntudp_create: RPC: Program not registered
This message indicates that the server mount daemon is not running.
The daemon is normally called either mountd or rpc.mountd and must
be started by your UNIX system manager.
clntudp_create: RPC: Port mapper failureRPC: Timed out
This message indicates that the portmapper daemon is not running.
The optional -d parameter can be used to run hclnfsd in full debug mode if
any other problems are encountered. This option writes debugging
information to the system console. To write the debugging information to a
file, you could start hclnfsd with the following command:
hclnfsd -d -A directory > out.lst
and all debugging messages would be written to the file out.lst.
If you included the -l log option, all messages will be written to this file
while the daemon is running.
Appendix B
Troubleshooting
Troubleshooting Check List 263
Troubleshooting Printer Shares 264
Viewing Disk Space and File Quotas 265
NFS Error Messages 267
Access Denied to a File/Directory 267
Access Denied While Mounting 267
Authorization Error While Mounting 268
Bad Activation Key Message 268
Disk Full Error 268
Invalid Remote Device Error 269
Authentication Daemon Timeout Error 269
Not Enough Disk Space in Temp Directory 269
Out of Memory Error 270
Permission Denied 270
Read/Write Errors 270
Remote Host Unavailable Error 271
Frequently Asked Questions 271
Troubleshooting Authentication 272
Weak Authentication 273
AUTH_DH/AUTH_DES Troubleshooting 274
Installation Troubleshooting 276
Appendix B: Troubleshooting
263
Troubleshooting Check List
If you are experiencing problems connecting to an NFS server, consider the
following:
Host Name/IP Addresses
Verify that the host is running.
Verify that the host name or IP address of the NFS server is correct. If
one does not work, try the other. If specifying an IP address works but a
host name does not, then the DNS server, Hosts file, or directory service
is not resolving the host name to the correct IP address.
The location of the Hosts file depends on your operating system:
Verify that the IP address of the NFS server is not a duplicate address. To
verify this, turn off the server and ping the IP address from another
network computer. If there is a response, another network device has
the same IP address.
Software
Verify with the system administrator that the NFS service is running on
the server.
For more information, see
Verifying Required RPC
Daemons on page 97.
Use the RPCInfo page of the Remote Info application to see if the correct
daemons are running on the host.
System File Location
Windows 2000 Winnt\system32\driver\etc
Windows XP Windows\system32\drivers\etc
NFS Maestro Client Users Guide
264
Authentication
Make sure that the user name and password are correct for the server to
which you are trying to connect. Your user name and password may not
be the same on all servers to which you have access.
For more information, see
Verifying Required RPC
Daemons on page 97.
Use the RPCInfo page of the Remote Info application to ensure that
hclnfsd (or pcnfsd) is running on the computer associated with the user
name and password. If necessary, check the default authentication
server.
Check if an authentication server is being used. If one is, and if that
server does not handle login attempts, it is not possible to verify the
user name and password.
Network Support
Verify that the TCP/IP stack is working. Use the Ping program in Windows
to test whether it is possible to reach the server.
Troubleshooting Printer Shares
For more information on
the wizard, see Setting
Initial Values for Client
Properties on page 126.
As of version 9.0, NFS Maestro Client caches printer share information. The
first printer-share cache occurs when you click on a host in the Windows
Shell (for example, in Windows Explorer). The cache is queried each time
you refresh shares using the network component. The cache is emptied once
it is full or you restart the computer. For the cache operation to proceed, the
Hummingbird Export service must be running.
For more information on
viewing and refreshing
shares, see Listing and
Exploring NFS Resources
on page 91.
If you experience performance problems when viewing printer shares in the
network component, the Hummingbird Export service may have stopped.
To resolve the problem, restart the service.
To restart the Hummingbird Export service:
1 Open the Services application in the Windows Control Panel. (In
Windows 2000, the Services application is part of Administrative Tools
in the Control Panel.)
2 In the list of local services, locate and select Hummingbird Expor t.
3 If the status of the service is not Star ted, click Star t Service.
Appendix B: Troubleshooting
265
Viewing Disk Space and File Quotas
Filesystem quotas let NFS administrators manage disk space and file usage
for multiple users. For each connection to an exported NFS resource, you
can determine the disk space and file usage quotas that have been applied to
you. The quota applies to the user whose name you supplied when you
made the connection.
To view quota restrictions, the following conditions must be true:
a quota daemon is running on the NFS server
you have been granted quota access
To view quota information for a connection:
1 In Windows Explorer, right-click the connected drive. On the pop-up
menu that opens, click Proper ties.
2 In the Proper ties dialog box for the selected connection, click the Quota
tab. The Quota page displays the quota information (described below)
for the user account that you used to make the connection.
3 To refresh the quota information, click Refresh.
You can also view quota information using the Remote Quota application.
For more information on Remote Quota, see NFS Maestro Client Help.
NFS Maestro Client Users Guide
266
Remote Quota Information
The quota daemon returns the following quota information for a given
connection and user:
Disk Space Quota Information
Diskspace Used Total space occupied by the users directories and files.
Diskspace Quota
(Soft Quota)
Disk space limit that the user can exceed for a period of
time.
Hard Limit
(Hard Quota)
Maximum upper limit for disk space.
Grace Period Amount of time remaining during which the user can
exceed the soft quota. If the user has reached this limit,
Grace Period indicates (Expired).
File Quota Information
Files Used Total number of files.
File Quota
(Soft Quota)
Limit on files the user can exceed for a period of time.
Hard Limit
(Hard Quota)
Maximum upper limit for number of files.
Grace Period Amount of time remaining during which the user can
exceed the soft quota. If the user has reached this limit,
Grace Period indicates (Expired).
Appendix B: Troubleshooting
267
NFS Error Messages
This following sections describe common problems that may be
encountered during NFS operations.
Access Denied to a File/Directory
This message appears when you run commands from the command line.
There was an attempt to run an executable file, but the execute permission
bit is not set either for your group or for everyone. Do one of the following:
If you are the owner of the file, grant the execute permission.
Select the Ignore Execute Bit option on the Advanced page of the
Hummingbird NFS Maestro Client Proper ties dialog box.
Access Denied While Mounting
This error occurs if, during the authorization process, the server denies the
request for a particular filesystem. Exported filesystems are granted on a
host name basis. The least restrictive form of security is to export the
filesystem to everyone. The most restrictive form of security is to export the
filesystem to particular machines.
Check the exports file on the NFS server and verify that your client
machine name has been given access to the filesystem to which you are
attempting to connect. The following is a typical entry from an exports file:
This line exports the filesystem only to the machine mary.hcl.com. If you try
to use NFS Maestro Client from any other machine, you will receive an
access denied error. The server may also reject the connection request if it
cannot resolve your client host name to an IP address. Verify that your
/etc/hosts, DNS, or directory service host tables have an entry for your
client IP address and machine name.
/export/home/users -access=mary.hcl.com,root=mary.hcl.com
NFS Maestro Client Users Guide
268
Authorization Error While Mounting
This error indicates that the user name and password you have specified
either are incorrect or do not exist. To connect to a resource from NFS
Maestro Client, you must specify a user name and password for the
machine to which you are connecting. If you are using
AUTH_SYS/AUTH_UNIX authentication, the two daemons that accept
NFS Maestro Client authorization requests are pcnfsd and hclnfsd. Both or
one of these daemons should be running on the server. To test for pcnfsd or
hclnfsd, try to telnet to the NFS server with the same user name and
password.
If you are using a Default Authentication Server, make sure that your user
name and password are the same as the user name and password on the
server.
Bad Activation Key Message
If you encounter a bad activation key message when connecting to an
exported filesystem, uninstall NFS Maestro Client completely. Contact
Hummingbird Technical Support department to get the instructions. Once
you have uninstalled completely, reinstall the program.
Disk Full Error
If this error occurs when an application is opening a file on an NFS
connection but there is space on the disk, try either of the following:
For more information, see
Viewing Disk Space and
File Quotas on page 265.
Log on to the NFS server and run the command for the UNIX machine
which shows the quota information. Ensure that you have not exceeded
the disk space or file quota.
On your NFS Maestro Client machine, run the df command line
application and note the values returned.
If you have not exceeded any quota limits and the disk is not full, contact
the application vendor and report the problem.
Appendix B: Troubleshooting
269
Invalid Remote Device Error
If you receive this error after trying to connect to a remote filesystem or
resource, try doing the following:
For more information about
using the Exports page,
see Verifying Available
Exports on page 100.
Using the Expor ts page of the Remote Info application, check that the
specified filesystem is exported and check the list of computers to which
it is exported. Occasionally, some systems return an error stating that a
filesystem does not exist when the user is not authorized to connect to
the filesystem.
Some systems require that the local host tables of the server contain the
IP address and network name of the NFS client, even if the filesystem is
available to everyone. To verify this, check with the system
administrator.
Authentication Daemon Timeout Error
Using the NFS Maestro Network Access dialog box, you might receive a
Network Timeout or HCLNFSD/PCNFSD Not Running on Host error.
This error message means that the host does not have an authentication
daemon running. You need to run either the native pcnfsd or hclnfsd.
pcnfsdAvailable from the operating system vendor. Contact your vendor
to get the precompiled or source code for your specific operating system.
hclnfsd daemon's source codeAvailable in the Utility directory of the
installation directory.
For more information on hclnfsd, see Appendix A: Integrating hclnfsd on
page 251.
Not Enough Disk Space in Temp Directory
When you install NFS Maestro Client, you may get the following error
message even though there is enough space available on the hard drive:
Not Enough Disk Space in Temp Directory.
To correct this problem, rename (or delete) the existing temp directory and
create a new directory with the same name (temp).
NFS Maestro Client Users Guide
270
Out of Memory Error
This type of message is not necessarily caused by a memory problem.
Instead, the execute bit may not be set on the remote file that you are
attempting to run. To resolve this problem, do any of the following:
Select the Ignore Execute Bit option on the Advanced page of the
Hummingbird NFS Maestro Client Proper ties dialog box.
Change the files attributes or permissions in Windows Explorer.
Run the chmod command line application and reset the execute bit for
the file.
Permission Denied
This message occurs if any of the following is true:
The currently logged-in user does not have permission to access the
filesystem or resource.
The root user is mapped to the nobody user on the server and you are
accessing the filesystem as root (administrator).
The user on the client does not have a corresponding UID on the server.
Read/Write Errors
If you receive read/write errors, try the following:
For more information, see
Optimizing NFS
Connections on
page 143.
Run the NFS Maestro Client Tuner wizard. This wizard returns the
optimal values for the read and write parameters. Change the global
defaults for these values on the Network page of the Hummingbird NFS
Maestro Client Proper ties dialog box.
If the server is not available, wait for the server to return or press
Ctrl + Break to terminate the process that is running the network
operation.
Appendix B: Troubleshooting
271
Remote Host Unavailable Error
If you receive this error, try doing the following:
Using the Windows Ping program, check that the TCP/IP stack is
functioning and that the remote host is running.
For more information, see
Verifying Required RPC
Daemons on page 97.
Using the RPCInfo page, check that either hclnfsd or pcnfsd is running
on the remote host or on the default authentication server.
Frequently Asked Questions
Which Version of NFS Maestro Client Am I Using?
To determine which version of NFS Maestro Client you are using, run the
hclshow.exe command line application. You can save the results to a file:
C:\> hclshow > hclresults.txt
In the results, search for the Title and Version keys for the product:
Title (REG_SZ) = "Hummingbird NFS Maestro Client"
Version (REG_SZ) = "10.00"
Why Can't I Access the Server as Root?
By default, the NFS protocol does not allow the root user to connect to NFS
filesystems from remote clients. It does this by treating the root user as a
non-privileged user called nobody. You can gain access as root from an NFS
client only if you have been granted root access in the exports file.
For example, The following entry exports the filesystem with read and write
capability for john and mary's machines. It also grants root access to john's
machine.
/export/home/users -rw=john:mary,root=john
NFS Maestro Client Users Guide
272
Troubleshooting Authentication
Before you attempt to map an NFS resource under a particular
authentication protocol, you should verify that the following are true:
The NFS server supports the authentication protocol you have selected.
The resource has been exported with the necessary option(s) for the
protocol.
If these conditions are not met, the NFS request may fail due to a weak
authentication error.
NFS Servers and Authentication
Not all NFS servers support the authentication protocols that NFS Maestro
Client can use. For example, many of the free UNIX systems do not support
AUTH_DH/AUTH_DES or RPCSEC_GSS. Most commercial UNIX
systems do not support RPCSEC_GSS.
RPCSEC_GSS support on Solaris systems requires the Sun Enterprise
Authentication Mechanism (SEAM) add-on. NFS Maestro Client is
compatible with the default SEAM configuration on Solaris 2.6, Solaris 7,
and Solaris 8. For more information on SEAM, see the following resource:
NFS Export Options for Authentication Protocols
NFS servers have an exports file that lists the resources that have been
exported. On many UNIX systems, this file is /etc/exports. (On Solaris
systems, it is /etc/dfs/dfstab.) There is an entry in the file for each
resource that gives the full path name of the resource and any export
options that apply to the resource.
The NFS administrator can specify as one of these options the
authentication protocol or set of protocols that secure the resource. If you
want to connect to a resource using a particular authentication protocol,
that resource must have been exported with the correct option.
http://wwws.sun.com/software/solaris/8/ds/ds-seam/ds-seam.pdf
Appendix B: Troubleshooting
273
On Solaris systems, the following attributes can be specified for the sec
option:
sysAUTH_SYS/AUTH_UNIX authentication
dhAUTH_DH/AUTH_DES authentication
krb5RPCSEC_GSS authentication with None service type
krb5iRPCSEC_GSS authentication with Integrity service type
krb5pRPCSEC_GSS authentication with Privacy service type
If no protocol is specified in the exports file, AUTH_SYS/AUTH_UNIX is
the default.
Export Option Examples
The following entry from an /etc/dfs/dfstab file secures the resource
/usr/home using the AUTH_SYS/AUTH_UNIX and
AUTH_DH/AUTH_DES protocols:
share -F nfs -o sec=dh:sys /usr/home
The following entry secures the resource /export/home/jane with
RPCSEC_GSS (all three service types):
The following entry secures the resource /usr/test with
AUTH_SYS/AUTH_UNIX (the default protocol):
share -F nfs /usr/test
Weak Authentication
If you attempt to connect an NFS resource using an authentication protocol
that does not apply to the resource, a weak authentication error occurs. This
means that you have tried to enforce a stronger level of authentication than
the server supports for that resource.
share -F nfs -o sec=krb5:krb5i:krb5p /export/home/jane
NFS Maestro Client Users Guide
274
For example, if you configure NFS Maestro Client for
AUTH_DH/AUTH_DES authentication and then try to map a resource that
has been exported with AUTH_SYS/AUTH_UNIX, a message box opens
with the following information: Weak authentication. Server does not
support requested authentication flavour. To correct the problem, you
must configure NFS Maestro Client for the protocol that secures the
resource.
A weak authentication error can also occur if a subdirectory of an exported
resource is exported with a stronger protocol than the parent directory. In
such a case, the NFS server usually returns a weak authentication error if a
client attempts to connect to the subdirectory. For example, the following
entries from an /etc/dfs/dfstab file produce a weak authentication error if
an NFS client attempts to connect to /usr/home/jane with
AUTH_DH/AUTH_DES:
AUTH_DH/AUTH_DES Troubleshooting
If you are unable to connect to a resource using the
AUTH_DH/AUTH_DES protocol, consider the following:
Client-Server Synchronization
The AUTH_DH/AUTH_DES authentication protocol is dependent upon
client and server time synchronization. The credentials for a client have a
lifetime limited by the window of the verifier (60 seconds). All NFS
transactions must occur within this window, otherwise they are silently
discarded. If the NFS server and client clocks are not synchronized, NFS
requests from the client fail. Most AUTH_DH/AUTH_DES connection
failures can be attributed to incorrect time synchronization.
# Export all of /usr/home (default to AUTH_SYS/AUTH_UNIX)
share -F nfs /usr/home
# Export a subdirectory of /usr/home securely (INCORRECT!)
share -F nfs -o sec=dh /usr/home/jane
Appendix B: Troubleshooting
275
Typically, all hosts on the NFS network use a Network Time Protocol server
to synchronize themselves to each other. For more information on the
Network Time Protocol (version 3), see the following site:
http://www.ccd.bnl.gov/xntp/
You can synchronize your machine with the NFS server using the Network
Time application.
To access the Network Time application:
1 On the Windows Star t menu, point to Programs and navigate to
Hummingbird Connectivity.
2 Point to Accessories, and then click Network Time.
Client Configuration
For more information on
binding to a domain, see
Hummingbird Directory
Services Help.
To connect to resources under AUTH_DH/AUTH_DES, you must correctly
bind NFS Maestro Client to a NIS+ domain. To verify your configuration,
you can test your connection to the NIS+ server. If you can run Directory
Services Explorer and examine objects in the NIS+ domain, then your
configuration is correct and the authentication failure is probably on the
NFS server side.
Server Configuration
The NFS server that stores the resource must support
AUTH_DH/AUTH_DES and belong to the same NIS+ domain (either as a
client or server) that you specified when you configured NFS Maestro
Client.
Export Options
For more information, see
NFS Export Options for
Authentication Protocols
on page 272.
The resource must have been exported with the AUTH_DH/AUTH_DES
option. On Solaris systems, the addition of the options sec=dh to resources
exported in /etc/dfs/dfstab secures them under the
AUTH_DH/AUTH_DES protocol.
NFS Maestro Client Users Guide
276
Installation Troubleshooting
The following are common installation issues and questions along with
suggested solutions. For further assistance with troubleshooting issues,
contact Hummingbird Technical Support.
Another instance of Hummingbird Setup Wizard is running.
Solutions:
An information dialog box informs you that an instance of Setup
Wizard is already running. Confirm whether the new instance can
continue.
If a product is not currently being installed, you can ignore this error
message and run:
Setup /v"HCL_OVERRIDE_INSTANCE=1"
The message also appears if a non-privileged user tries to uninstall a
product installed for All Users of the computer. In this case, the setup
parameter does not work since only an Administrator of the computer
can uninstall the product.
This error message may display if installer is unable to remove a key
created by the Setup Wizard. This may be because Setup Wizard
encountered problems during a previous installation and the key was
not removed.
Delete the following key from the registry:
HKEY_CURRENT_USER/Software/Hummingbird/Connectivity
/version/installer/UserIni/InstallActive=1
Appendix B: Troubleshooting
277
The feature you are trying to install is on a network resource
that is unavailable.
Solutions:
Click OK in the warning dialog box and try again.
Enter an alternate path to the folder containing the installation package
Hummingbird Product .msi. Run the install again and select Repair.
Use Media Location Manager (part of the Administrators Toolkit
feature) to specify an additional location for the product installation
package. This lets Windows Installer find the required resource.
Patch - Sourcedir not found (when trying to install patch).
This means the source files are unavailable. When installing a patch, you
need to have the source from which you installed.
Solution: The original product CD must be in the drive. If necessary, use
Media Location Manager (part of the Administrators Toolkit feature) to
specify a location for the source files.
After installation the software does not workservices are
not starting and/or files are missing.
Solution: Ensure the Administrator account is used to perform the
installation. For Windows 2000, installing HostExplorer and NFS Maestro
Client requires Administrator privilege. Installing Exceed requires elevated
privilege (that is, a user who is a member of the Administrator group).
When trying to install the product, a message says I must
uninstall the product.
Solution: You have version 7.0 of the product installed. The upgrade process
requires the original version 7.0 source files to install a later version of the
product. If necessary, use Media Location Manager (part of the
Administrators Toolkit feature) to specify a location for the source files.
NFS Maestro Client Users Guide
278
Are there other command line options for Msiexec?
For more detailed
information about Msiexec
command line options, see
the Windows Installer
documentation in the
MSDN online Library at
msdn.microsoft.com or on
CD-ROM via subscription.
The following are command line options for Msiexec:
Option Meaning
/i Package|ProductCode Installs or configures a product.
/f Package|ProductCode Repairs a product. For more information about
various flags available for this option, see the MSDN
Library.
/a Package An administrative installation option that installs a
product on the network.
/x Package|ProductCode Uninstalls a product.
/j Advertises a product. For more information about
various flags available for this option, see the MSDN
Library.
/L Logfile Specifies path to log file and the flags indicate which
information to log. For more information about various
flags available for this option, see the MSDN Library.
/m filename Generates an SMS status .mif file. Use this option in
conjunction with the install (-i), remove (-x),
administrative installation (-a), or reinstall (-f)
options. For more information about this option, see
the MSDN Library.
/p PatchPackage Applies a patch. For more information about this
option, see the MSDN Library.
/q Sets user interface level. For more information about
various flags available for this option, see the MSDN
Library.
/?
/h
Displays copyright information for the Windows
Installer.
/y module Calls the system API DllRegisterServer to self-register
modules. For more information about this option, see
the MSDN Library.
/z module Calls the system API DllUnRegisterServer to
unregister modules. For more information about this
option, see the MSDN Library.
Appendix B: Troubleshooting
279
How do you create an installation log file?
To generate a log file, users should run the following command:
setup /v"/1*v C:\install_log.txt"
where C:\ is the path to plaintext file install_log.txt.
Appendix C
Connectivity Applications
Hummingbird Connectivity 283
Accessories 283
Administrative Tools 284
Connectivity Tools 285
HostExplorer 286
HostExplorer Tools 287
HostExplorer Print Services Console 287
WyseTerm 287
Hummingbird FTP 288
Hummingbird Deployment Wizard 288
NFS Maestro Solo Applications 288
Appendix C: Connectivity Applications
283
Hummingbird Connectivity
The following applications and components are available with your
product. They are all installed during a Complete installation, or you can
select them during a Custom installation. Help is available with each
application.
Accessories
Classic FTP This application lets you connect to a remote FTP server and
transfer files between computers. FTP is only supported under TCP/IP
transports. You cannot use this application with DECnet or IPX/SPX. A
server implementation of the FTP protocol must run on the remote
computer to allow for FTP communication. The remote computer is the
FTP server (host), and the PC running Classic FTP is the FTP client.
File Converter This application translates line feed control characters
(also known as carriage return characters) between DOS and UNIX
formats.
Hummingbird Basic This is a command language included with
Hummingbird products. Hummingbird Basic can be used to create scripts
for frequently performed tasks that you would like to automate. For more
information, see the Hummingbird Basic Language Programmers Guide.
LPQ (Line Printer Query) This application is used to return the status of
the print queue on either a UNIX system or another PC running a
line-printer daemon.
LPR (Line Printer Requester) This application lets you print PC files to
any host on a TCP/IP network running LPD. The LPR window displays a
separate window for each printer queue to which you are connected. For
more information, see the LPR help.
Network Time This application lets you synchronize the time on your PC
with the Network Time Server.
NSLookup This application finds and displays information about hosts
in a domain.
NFS Maestro Client Users Guide
284
Ping This is a diagnostic tool that lets you quickly check the integrity of a
network communications path and your TCP/IP configuration. Ping sends
Internet Control Message Protocol (ICMP) echo requests to specified
machines and displays the response in graphical form.
Quick Script Editor This application is a graphical development
environment in which you can create and modify HostExplorer and FTP
Quick Scripts. These scripts are made up of commands that help to
automate tedious and repetitive tasks.
Remote Tools This application is an integrated version of several UNIX
commandsRemote Shell, Remote Exec, Remote Copy (RSH), and Remote
Copy (REXEC). You can execute commands and copy files to or from other
machines on the network using the RSH and REXEC protocols.
Traceroute This application shows the route that packets take to the host.
It lets you test, troubleshoot, and manage network connections and find the
route used to connect to a specific host.
Administrative Tools
Files and Settings Transfer Wizard This application lets you backup,
restore, and migrate Hummingbird Connectivity product settings using
.humsft files. Using this file, you can then export and import these settings
to and from other host machines.
Hummingbird Profile Publishing Wizard This application lets you
publish profiles to specific profile spaces.
Hummingbird Update You can use Hummingbird Update to install the
latest patch to your product. For more information, see the installation
chapter.
Language Chooser Hummingbird Connectivity Language Chooser lets
you specify the user interface language for Hummingbird Connectivity
applications. The language you select will be used in Connectivity menus
and dialog boxes.
Media Location Manager This application lets you manage your
Windows Installer Media Source locations.
Appendix C: Connectivity Applications
285
Metering Client Settings This application is a component of
Hummingbird Metering Server. You can use it to configure metering client
settings, which are used to establish communication between a metering
server and its metering clients for a particular host machine.
Profile Space Editor This application lets you view and manage profile
spaces.
Sconfig Sconfig is a wizard that lets you customize the installation of
software on local and network machines. With Sconfig, you can configure
installations in the following ways:
Customize the folders installed by Setup.
Tailor the list of applications or components to be installed. You can
alter the list to limit the functionality available to users or to optimize
the use of disk space.
Simplify user input during the installation by pre-selecting
information, such as the names of the directories where the software is
installed.
For more information on Sconfig, see the Advanced Installation chapter.
Connectivity Tools
Directory Services This application lets you configure the NIS, NIS+,
and LDAP settings for Hummingbird Connectivity applications. All
directory service queries made by Hummingbird Connectivity applications
target the domains specified and selected by you. Hummingbird Directory
Services also lets you synchronize your Windows and UNIX passwords and
select a target service for host name resolution.
Directory Services Console Hummingbird provides MMC snap-ins for
NFS Maestro products. If you are an Administrator on your machine and
you have installed the NFS Administration feature, you can use a console to
configure NFS Maestro products.
Directory Services Explorer This application lets you browse NIS, NIS+,
and LDAP directory services without leaving the familiar Windows
environment. Using Directory Services Explorer, you can bind your
machine to multiple domains simultaneously, browse object contents and
properties, run selective or global queries, and change your password in a
directory service domain.
NFS Maestro Client Users Guide
286
Hummingbird InetD InetD is a super daemon that lets you enable and
disable various daemon services through a single application. It determines
the network services to which your PC responds when a client makes a
network request. In a Windows 98/2000 environment, InetD runs
automatically when placed in the Startup folder. The Startup folder is the
usual location for InetD.
Hummingbird Proxy Server Console Hummingbird Proxy Server is a
general proxy engine that lets you proxy emulation sessions. Proxy Server is
composed of two components: a) the proxy engine, which is installed as a
service on your workstation, and b) the proxy console, which lets you
configure and monitor the proxy service. A shortcut to the Proxy Console is
installed when you install the Proxy Server. Proxy Server Console installs as
part of Host Access Services.
Metering Server Hummingbird Connectivity products are now equipped
with license metering capabilities. Metering Server is a reporting tool that
lets administrators track the number of Hummingbird licenses deployed in
their organization.
HostExplorer
HostExplorer is a PC-to-host connectivity product that provides
connections from a desktop to enterprise hosts, including IBM mainframes,
AS/400s, UNIX and Linux systems. Depending on the type of host to which
you are connecting, you can transfer files using Telnet, Hummingbird FTP,
or 5250 Data Transfer. HostExplorer offers three types of terminal
emulation:
3270Emulates an IBM mainframe (including 3179G, 3472G, 3278,
and 3279 models), runs 3270 applications, and transfers files between a
host machine and your PC using the IND$FILE file transfer
application.
5250Emulates IBM AS/400 sessions and runs 5250 applications.
VTEmulates the DEC VT420 video terminal and includes support for
VT52, VT100, VT101, VT102, VT220, VT320, VT420, ANSI, SCO
ANSI, IBM 3151, and Linux Console.
Appendix C: Connectivity Applications
287
HostExplorer Tools
5250 Data Transfer Wizard This is a new HostExplorer component that
lets you transfer data between a PC and an AS/400 host. If you transfer a file
from an AS/400 host to your PC, you can specify standard SQL statements
to execute in the file.
HostExplorer Management Console HostExplorer Management
Console is an administrative, feature-lockdown tool. With it, you can
specify which HostExplorer menu options you want to make available for
end users. By default, all menu options are available.
HostExplorer Migration Wizard HostExplorer Migration Wizard
converts user settings files created for Attachmate Extra! v6/7.1, IBM
Personal Communications v5.7, and Wall Data Rumba v7.2 into
HostExplorer settings files.
HostExplorer SDK These application programming interfaces (APIs) let
you extend the functionality of your available programming languages, such
as Visual C++ and Visual Basic, to write scripts. Use it to exploit the
functionality and features of HostExplorer products from within your own
programs and scripts.
Macro and Profile Converter This utility lets you convert WallData
Rumba or Attachmate Extra! macros into Hummingbird Basic macros and
Attachmate Extra! profiles into HostExplorer session profiles.
HostExplorer Print Services Console
HostExplorer Print Services installs as part of Host Access Services. This
application is a server-based, scalable printing solution that lets you
distribute reports from host computers to any LAN (local area network)
printer in your enterprise network.
WyseTerm
WyseTerm is a terminal emulator that emulates Wyse-50 and Wyse-60
terminals.
NFS Maestro Client Users Guide
288
Hummingbird FTP
This application is a client implementation of the File Transfer Protocol
(FTP). It lets you transfer both text (ASCII) and image (binary) files
between your PC and a remote computer running a server implementation
of FTP. You can also use it to perform file and directory management on
your PC and a remote computer. For more information, see the
HostExplorer Users Guide.
Hummingbird Deployment Wizard
Hummingbird Deployment Wizard lets you create web-deployable
installations of certain Hummingbird products. This multi-component
application is not installed as a Connectivity product feature. You must
install it separately from the Connectivity product CD.
NFS Maestro Solo Applications
NFS Maestro Solo is a scaled-down version of NFS Maestro Client that
includes all the core functionality of the NFS client and the following
additional applications:
Hummingbird Directory Services
Directory Services Explorer
File Converter
Network Time
Files and Settings Transfer Wizard
Hummingbird Update
Language Chooser
Media Location Manager
Metering Client Settings
Sconfig
Appendix D
General Accessibility and
Technical Support
General Accessibility 291
Microsoft Accessibility Options 292
Technical Support 293
Appendix D: General Accessibility and Technical Support
291
General Accessibility
Hummingbird products are accessible to all users. Wherever possible, our
software adheres to Microsoft Windows interface standards and contains a
comprehensive set of accessibility features.
Access Keys All menus have associated access keys (mnemonics) that let
you use the keyboard, rather than a mouse, to navigate the user interface
(UI). These access keys appear as underlined letters in the names of most UI
items. (If this is not the case, press Alt to reveal them.) To open any menu,
press Alt and then press the key that corresponds with the underlined letter
in the menu name. For example, to access the File menu in any
Hummingbird application, press Alt+F.
Once you have opened a menu, you can access an item on the menu by
pressing the underlined letter in the menu item name, or you can use the
arrow keys to navigate the menu list.
Keyboard Shortcuts Some often-used menu options also have shortcut
(accelerator) keys. The shortcut key for an item appears beside it on the
menu.
Directional Arrows Use the directional arrows on the keyboard to
navigate through menu items or to scroll vertically and horizontally. You
can also use the directional arrows to navigate through multiple options.
For example, if you have a series of radio buttons, you can use the arrow
keys to navigate the possible selections.
Tab Key Sequence To navigate through a dialog box, press the Tab key.
Selected items appear with a dotted border. You can also press Shift+Tab to
go back to a previous selection within the dialog box.
Spacebar Press the Spacebar to select or clear check boxes, or to select
buttons in a dialog box.
Esc Press the Esc key to close a dialog box without implementing any new
settings.
Enter Press the Enter key to select the highlighted item or to close a dialog
box and apply the new settings. You can also press the Enter key to close all
About boxes.
NFS Maestro Client Users Guide
292
ToolTips ToolTips appear for all functional icons. This feature lets users
use Screen Reviewers to make interface information available through
synthesized speech or through a refreshable Braille display.
Microsoft Accessibility Options
Microsoft Windows environments contain accessibility options that let you
change how you interact with the software. These options can add sound,
increase the magnification, and create sticky keys.
To enable/disable Accessibility options:
1 In Control Panel, double-click Accessibility Options.
2 In the Accessibility Options dialog box, select or clear the option check
boxes on the various tabs as required, and click Apply.
3 Click OK.
If you installed the Microsoft Accessibility components for your Windows
system, you can find additional accessibility tools under Accessibility on the
Star t menu.
Appendix D: General Accessibility and Technical Support
293
Technical Support
You can contact the Hummingbird Technical Support department Monday
to Friday between 8:00 a.m. and 8:00 p.m. Eastern Time.
Hummingbird Ltd.
1 Sparks Avenue, Toronto, Ontario, Canada M2H 2W1
Canada and the USA International
Technical Support: 1-800-486-0095 +1-416-496-2200
General Enquiry: 1-877-FLY-HUMM +1-416-496-2200
Main: +1-416-496-2200
Fax: +1-416-496-2207
E-mail: [email protected]
FTP: ftp.hummingbird.com
Web Support: support.hummingbird.com/customer
Web Site: www.hummingbird.com
www.connectivity.hummingbird.com
Numerics
5250 Data Transfer Wizard (HostExplorer
component) .................................. 287
A
Access Control Entry..................................... 84
Access Control List ........................................ 84
in NFSv4................................................. 85
setting for shared resources.................. 133
access denied
permission denied................................ 270
to file/directory..................................... 267
while mounting.................................... 267
accessibility, general..................................... 291
accessing server as root................................ 271
Accessories........................................... 283284
ACE. See Access Control Entry.
ACL. See Access Control List.
activation key message................................. 268
Active Directory........................................... 191
changing passwords in......................... 211
advisory locking............................................. 73
Anonymous Login....................................... 110
ANSI character encoding ............................ 125
API ............................................................... 287
applications, NFS Maestro Client ................... 4
attributes, name mapping
schema extension.................. 239, 242
AUTH_DES
definition................................................ 78
authentication repository....................... 78
common key........................................... 78
configuring ........................................... 135
credentials lifetime ............................... 274
export option................................273, 275
troubleshooting.................................... 274
AUTH_DH. See AUTH_DES.
AUTH_SYS. See AUTH_UNIX.
AUTH_UNIX
definition................................................ 78
configuring ........................................... 134
credentials............................................... 78
default authentication server................ 134
export option........................................ 273
specifying password.............................. 104
specifying user name ............................ 104
verification.............................................. 78
authentication
128-bit SSL ........................................... 211
definition................................................ 76
agent ....................................................... 76
AUTH_SYS ..................................227, 230
basic model............................................. 76
CA certificates ..............................211, 215
client properties.................................... 134
daemons ............................................... 253
default authentication server................ 227
export options ...................................... 272
high encryption .................................... 211
protocols................................................. 77
Index
296
NFS Maestro Client Users Guide
repository................................................76
Secure RPC...........................................191
SSL/TLS ................................................211
supported types.......................................76
troubleshooting ....................................272
user credentials for LDAP ....................214
using directory services...........................77
using hclnfsd/pcnfsd.............................227
using SASL............................................217
weak ......................................................273
authorization
defined ....................................................82
error, while mounting ..........................268
automount function
automount syntax...................................88
master object...........................................87
using the hosts object .............................89
B
binding to a domain
overview................................................193
LDAP ....................................................205
NIS........................................................200
NIS+......................................................202
using user vs. machine credentials .......202
browsing for NFS hosts..................................86
C
CA certificate
definition ..............................................211
installing................................................212
cat command....................................................5
CD-ROM names..........................................125
Certificate Authority (CA).................. 211, 215
character encoding.......................................125
chgrp command...............................................5
chmod command.............................................5
chown command .............................................5
Classic FTP...................................................283
client settings................................................119
cluster environment
defined.......................................... 161, 186
advantages .................................... 161, 187
directory services in.............................. 186
installation requirements ....................... 12
NFS Maestro Name Mapping
Server in........................................ 161
command line
connecting with.................................... 105
disconnecting with............................... 112
symbolic link creation............................ 74
command line (Sconfig)
error conditions ..................................... 65
generating .mst files from ...................... 64
invoking .mst files from......................... 64
options.................................................... 64
validation conditions ............................. 65
command line applications ............................. 5
in Hummingbird Directory Services ... 249
ln............................................................. 74
nfs link.................................................. 105
nfs unlink ............................................. 112
commands
NameMappingSchemaChange.exe...... 238
common questions ...................................... 271
compiling hclnfsd........................................ 253
configuring
LDAP name mapping servers .............. 237
name mapping servers ......................... 234
NFS Maestro Client...................... 119, 126
connecting
overview ................................................... 3
access denied........................................ 267
authorization error............................... 268
preparatory steps.................................... 97
remote printing.................................... 113
to a printer............................................ 114
using NFS Maestro Network
Access...................................... 75, 106
using the nfs link command ................ 105
using Windows Explorer ..................... 111
connections, optimizing.............................. 143
Connectivity Kerberos................................... 79
297
Index
Console window.......................................... 148
consoles
defined.................................................. 147
configuring multiple machines............ 151
configuring products remotely ............ 150
Console window................................... 148
installing................................................. 13
interface for .......................................... 147
NFS Maestro Client console ................ 152
opening................................................. 148
requirements for................................... 147
snap-ins ................................................ 147
controlling letter case of resource names .... 124
Create Symbolic Link wizard......................... 75
creating symbolic links .................................. 75
using the ln command ........................... 74
cred table........................................................ 78
credentials
definition................................................ 76
AUTH_UNIX ........................................ 78
DES......................................................... 78
identifier ................................................. 76
Kerberos ................................................. 80
local ........................................................ 79
NFS......................................................... 77
password and group files ..................... 162
RPCSEC_GSS ........................................ 80
verifier .................................................... 76
customizing
files and folders ...................................... 28
installation........................................ 2732
customizing installations with Sconfig
directories............................................... 35
Directory Services properties ........... 36, 58
environment variables............................ 53
features ............................................. 35, 41
files.................................................... 35, 43
for Terminal Services ............................. 36
Metering properties ......................... 35, 52
migrating user settings ........................... 55
NFS Maestro Client properties........ 36, 60
Profile Spaces..........................................57
properties......................................... 35, 45
registry ....................................................35
shortcuts .......................................... 35, 50
D
daemons
hclnfsd............................................ 70, 227
lpd.........................................................114
mountd...................................................70
nfsd .........................................................70
nlockmgr.................................................70
pcnfsd............................................. 70, 227
portmapper.............................................70
required for NFS connections ......... 70, 97
Data Encryption Standard .............................78
default
root directories, connectivity settings ....27
user directory............................. 27, 28, 29
default authentication server .............. 134, 227
default mappings......................... 158, 176178
unmapped NFS names .........................177
unmapped Windows names.................177
denied access ....................................... 267, 270
denied permission error...............................270
DES. See Data Encryption Standard.
Destination directory .....................................37
destination folder/directory
installation ..............................................11
determining version number.......................271
device error...................................................269
df command.....................................................6
DHCP...........................................................194
configuring the server...........................194
locating servers with .............................194
option codes .........................................194
DHCP server ................................................237
directories
default user ...................................... 27, 28
personal (per-user).................................27
directories, access denied.............................267
298
NFS Maestro Client Users Guide
directories, customizing with Sconfig............35
creating custom folders ..........................39
creating custom subfolders.....................39
Current User directory ...........................37
Destination directory..............................37
directories, installation...................................11
global user...............................................12
per-user...................................................12
directories/folders
destination (root home) .........................11
user..........................................................11
Directory properties
setting with Sconfig ................................58
directory services......................... 161, 165, 167
definition ..............................................190
domains ................................................190
NIS/NIS+..............................................162
object types ...........................................191
profiles ..................................................193
protocol types .......................................190
query order .................. 200, 201, 204, 208
repositories ...........................................192
RPC object ..............................................99
Directory Services Explorer ................ 275, 285
overview................................................185
changing a domain password...............226
profiles ..................................................195
querying directory service objects ........221
saving query results...............................223
sorting query results .............................223
viewing object properties......................224
directory services profiles
disabling user profiles...........................232
for Directory Services Explorer ............197
for Hummingbird Directory Services ..198
modifying..................................... 225, 230
name mapping profile ..........................196
removing...................................... 226, 231
system profile........................................196
user profiles...........................................196
Directory Services properties
setting with Sconfig................................ 36
disconnecting
from multiple connections .................. 112
using NFS Maestro Network Access.... 112
using nfs unlink.................................... 112
using Windows Explorer ..................... 112
disk full error ............................................... 268
disk space and file usage, viewing................ 265
disk space error............................................ 269
Display Recursive Symbolic Links
(default setting) ............................ 132
DNS zone transfer ......................................... 91
Dynamic Host Configuration Protocol.
See DHCP.
E
Enable Root Access (default setting)........... 132
encoding, character ..................................... 125
environment variables ................................... 53
adding..................................................... 53
modifying ............................................... 53
removing ................................................ 53
values...................................................... 53
error messages ............................................. 267
errors in hclnfsd messages........................... 259
Everyone group, permissions for .................. 85
Exact Filename Matching
(default setting) ............................ 132
Execute permission........................................ 82
export options.............................................. 272
exported resources, verifying host access.... 100
exports command............................................ 6
Expos Online................................................ 23
extending, name mapping schema.............. 239
F
features, customizing with Sconfig.......... 35, 42
adding..................................................... 41
modifying ............................................... 41
removing ................................................ 42
299
Index
file access properties ............................ 123125
default file name case ........................... 124
default UNIX-style permissions .......... 123
file-locking mechanism........................ 124
filesystem type ...................................... 125
file and directory mode ................................. 84
File Converter .............................................. 283
file locking...................................................... 72
lock managers....................................... 124
file name case, default.................................. 124
files
access denied ........................................ 267
.humfst ................................................... 55
.mst ......................................................... 34
.mst for Terminal Services ..................... 36
printing................................................. 113
restoring and migrating, Wizard ......... 284
Files and Settings Transfer Wizard.............. 284
migrating per-user settings .................... 30
migrating user settings ........................... 32
files, customizing with Sconfig...................... 35
adding custom........................................ 43
modifying custom.................................. 44
removing ................................................ 45
filesystems
bad activation key message .................. 268
maintaining a history of connections .. 108
mounting exported ................................ 71
quotas ................................................... 265
folders. See directories.
folders, Sconfig. See directories, customizing
with Sconfig.
Frequently Asked Questions ....................... 271
FTP............................................................... 283
Hummingbird client ............................ 288
full disk error ............................................... 268
full permissions.............................................. 83
G
Generic Security Service Application
Program Interface .........................217
GID.......................................................... 77, 78
group file ..................................... 161, 162, 167
See also password file.
group ownership, default.............................120
Group permissions (UNIX)...........................83
GSSAPI. See Generic Security Service
Application Program Interface.
H
hard mounts.................................................121
hclnfsd........................................... 70, 124, 134
overview................................................253
error messages ......................................259
not running on host .............................269
running on the server ...........................256
startup file syntax..................................257
transferring and compiling...................253
vs. pcnfsd ..............................................253
hclnfsd daemon............................................227
hclshow command...........................................6
high (128-bit) encryption ............................211
history list for filesystems.............................108
$home format...............................................102
host lookups
NIS maps ..............................................200
specifying a target service .....................232
host unavailable error ..................................271
HostExplorer................................................286
HostExplorer Management Console...........287
HostExplorer Migration Wizard .................287
HostExplorer Print Services.........................287
HostExplorer SDK.......................................287
hosts object.....................................................89
.humfst file .....................................................31
base .........................................................32
base location ...........................................31
current user.............................................32
Hummingbird accessibility..........................291
Hummingbird Basic ....................................283
300
NFS Maestro Client Users Guide
Hummingbird Connectivity User Settings
uninstalling products..............................32
Hummingbird Directory Services ...............285
overview................................................185
command line applications ..................249
profiles ..................................................196
retrieving AUTH_SYS credentials .......230
selecting a service..................................229
specifying a host lookup service ...........232
specifying a name mapping server .......234
specifying an NFSv4 domain................247
specifying network paths with..............102
synchronizing directory service
and Windows passwords ..............233
Hummingbird Export service......................264
Hummingbird FTP......................................288
Hummingbird InetD ...................................286
Hummingbird name mapping server..........157
Hummingbird NFS........................................86
Hummingbird Setup Wizard...........................9
maintenance mode .................................16
Hummingbird Update.................................284
Hummingbird, name mapping servers .......235
.humreg file ....................................................28
HumSettings.exe ............................................32
location ...................................................29
passing arguments ..................................30
I
Ignore Execute Bit (default setting).............131
installation
configuration wizard ............................126
controlling per-user settings...................27
destination folder/directory....................11
disk space error.....................................269
in a cluster environment.........................12
Media Location Manager .....................284
migrating user settings......................3032
passing arguments, per-user settings..... 30
personal, overview.................................. 19
requirements .......................................... 10
scenarios................................................. 19
silent ....................................................... 19
troubleshooting.................................... 276
user directory ......................................... 11
installation directory...................................... 99
installations
creating multiple with Sconfig......... 34, 63
for Terminal Services ............................. 36
setup type for Sconfig............................. 33
Installer Database files. See MSI files.
integrating hclnfsd....................................... 253
Integrity service type (RPCSEC_GSS) .......... 80
invalid remote device error ......................... 269
ISO naming convention.............................. 125
K
KDC. See Key Distribution Centre (Kerberos).
Kerberos
definition................................................ 80
client .........................................79, 81, 135
configuring........................................... 137
credentials .............................................. 80
default configuration ........................... 137
participants............................................. 81
renewing tickets ................................... 138
retrieving ticket-granting tickets.......... 138
service..................................................... 81
Key Distribution Centre (Kerberos) ............. 81
key format for network paths ...................... 103
keylogin
running................................................. 234
using a user profile............................... 205
using the system profile ....................... 205
keys, bad activation message ....................... 268
301
Index
L
LDAP ....................................................... 36, 58
definition.............................................. 191
authentication .............................. 211, 214
bind options ......................................... 205
entries ................................................... 192
name mapping servers .........158, 235, 237
objectclasses for automount
information................................... 219
objects................................................... 192
posixAccount class ............................... 192
query options, setting........................... 213
query order........................................... 208
schema style, setting............................. 218
server architecture................................ 192
specifying user credentials ................... 214
supported schemas............................... 191
version 2 vs. version 3 .......................... 209
letter case of file and directory names ......... 124
Lightweight Directory
Access Protocol (LDAP)............... 191
Line Printer Query....................................... 283
Line Printer Requester................................. 283
links, symbolic ............................................... 73
ln command..................................................... 6
creating symbolic links with .................. 74
local credentials ............................................. 79
locking
advisory .................................................. 73
files.......................................................... 72
mandatory .............................................. 73
records.................................................... 72
resources................................................. 72
login, anonymous ........................................ 110
LPD (line printer daemon) ......................... 114
LPQ. See Line Printer Query.
LPR. See Line Printer Requester.
LPR/LPD printing versus NFS .................... 114
ls command ..................................................... 6
M
Macro and Profile Converter (HostExplorer
component)...................................287
make commands..........................................254
managing
share names ..........................................139
mandatory locking.........................................73
mapping styles............................. 158, 167175
automatic..............................................168
manual ..................................................162
mapping UNIX credentials to user names
automatically ........................................168
manually ...............................................172
master servers...............................................192
Master Setup ........................................... 14, 18
Media Location Manager.............................284
memory error...............................................270
Metering Client Settings ..............................285
Metering properties
setting with Sconfig ......................... 35, 52
Metering Server................................... 285, 286
Microsoft Management Console (MMC)
defined ..................................................147
configuring multiple machines ............151
configuring products remotely.............150
installing NFS Maestro consoles ............13
requirements.........................................147
snap-in for Hummingbird Directory
Services ..........................................187
snap-in for NFS Maestro Client ...........152
snap-in for NFS Maestro Name
Mapping Server.............................159
snap-ins.................................................147
Microsoft SSPI ...............................................79
Microsoft System Management
Server (SMS) ...................................21
Microsoft Transform file. See MST files.
migrating
files and settings............................. 23, 284
user settings with Sconfig .......................55
302
NFS Maestro Client Users Guide
miscellaneous properties..............................130
MMC. See Microsoft Management Console.
mode...............................................................84
most recently used connections...................108
mount type...................................................121
mountd daemon ............................................70
mounting
access denied.........................................267
authorization error ...............................268
exported filesystems................................71
.msc files .......................................................148
Msetup.exe ........................................ 16, 17, 21
personal installation ...............................13
MSI files
applying .mst files to...............................64
customizing ............................................36
Msiexec.exe ....................................................20
command line options .........................278
MST files ........................................................34
applying error conditions.......................65
applying to .msi files ...............................62
applying validation conditions...............65
creating ............................................ 34, 63
creating for Terminal Services................36
generating from a command line...........64
invoking from a command line..............64
saving ......................................................61
Windows Installer...................................34
multiple custom installations.................. 34, 63
N
name case for client files ..............................124
name mapping
automatically ........................................168
default ...................................................176
for NFS Maestro Client ........................165
for NFS Maestro Gateway ....................164
for NFS Maestro Server ........................164
manually ...............................................172
primary and secondary mappings........162
synchronization....................................181
name mapping profiles................................ 243
creating and modifying........................ 244
removing .............................................. 247
name mapping schema extension............... 239
attributes .............................................. 242
object classes......................................... 243
name mapping servers................................. 162
Hummingbird.............................. 157, 235
LDAP............................................ 158, 235
name mapping tables
exporting and importing...................... 179
saving and retrieving............................ 179
name mapping, NFSv4................................ 247
name mapping, schema extension.............. 239
NameMappingSchemaChange.exe ............. 238
network component ................................ 8694
overview ................................................. 86
accessing................................................. 86
automount subcontainers...................... 87
Configured NFS Hosts container .......... 86
creating and editing containers.............. 92
custom containers.................................. 92
Directory Service Automounts
container......................................... 87
Directory Service Hosts container ......... 91
exporting host information ................... 94
importing host information................... 94
listing and mapping resources ............... 91
refreshing exports................................... 92
standard containers................................ 86
syntax variables ...................................... 90
Network File System. See NFS.
Network Information System (NIS) ........... 190
network paths
maintaining a history ........................... 108
specifying.............................................. 101
specifying as a directory service query . 102
303
Index
network properties .............................. 120123
default group........................................ 120
mount type........................................... 121
NFS version.......................................... 120
port number ......................................... 121
read/write settings ................................ 121
transport protocol ................................ 120
network throughput, optimizing ................ 143
Network Time...................................... 275, 283
Network Time Protocol............................... 275
network timeout error................................. 269
NFS ................................................................ 69
ACLs in version 4................................... 85
authentication repository....................... 77
client definition...................................... 69
credentials .............................................. 77
error messages ...................................... 267
exports file ............................................ 272
registered user name ...................... 90, 110
required daemons .................................. 70
server definition ..................................... 69
supported versions ................................... 3
nfs dirprot command ...................................... 6
nfs group command ........................................ 6
nfs link command............................................ 6
connecting with.................................... 105
NFS Maestro Client Configuration
wizard...................................... 86, 126
NFS Maestro Client properties, setting with
Sconfig ...................................... 36, 60
NFS Maestro Client Tuner wizard ..4, 122, 143
running................................................. 144
NFS Maestro Name Mapping Server .......... 234
specifying primary and
secondary servers ......................... 234
NFS Maestro Network Access dialog box
connecting using ............................ 75, 106
disconnecting with............................... 112
NFS Maestro Solo........................................ 288
NFS name space...........................158, 161, 167
NFS printing versus LPR/LPD.................... 114
nfs prot command........................................... 6
nfs register command...................................... 6
NFS Share Editor..................................... 4, 139
managing share names .........................139
nfs unlink command........................................6
disconnecting........................................112
nfs use command.............................................6
NFS versions.......................................... 69, 120
enabling version 4.................................123
forcing version 2...................................123
NFSD....................................................... 36, 58
nfsd daemon...................................................70
NFSv4 domain .............................................247
NIS........................................................... 36, 58
definition ..............................................190
bind options..........................................200
objects ...................................................191
query order .................................. 200, 201
server types ...........................................192
specifying a NIS domain.......................200
NIS+........................................................ 36, 58
definition ..............................................191
bind options..........................................202
cred table.................................................78
objects ...................................................191
query order ...........................................204
server types ...........................................192
specifying an NIS+ domain..................202
NIS+ Keylogin dialog box............................205
NIS/NIS+.....................................................162
nlockmgr ........................................................70
nobody user..................................................110
None service type (RPCSEC_GSS)................80
not enough disk space error.........................269
not running on host error............................269
NTFS
Full Control permission .........................85
permissions.............................................84
Number of Retries (network property) .......122
O
object classes, name mapping schema
extension .............................. 239, 243
OEM character encoding.............................125
OID, name mapping schema extension......243
304
NFS Maestro Client Users Guide
opening
.msi files ..................................................36
.mst files ..................................................36
Sconfig ....................................................36
opening directory services applications.......188
operation attributes, caching .......................132
optimizing NFS connections .......................143
optimizing NFS operations..........................132
Other permissions (UNIX)............................83
out of memory error ....................................270
P
packets..........................................................121
parallel reads.................................................121
parallel threads, number of ..........................121
parallel writes ...............................................121
password file................................ 161, 162, 167
See also group file.
passwords
changing................................................226
registering .............................................109
synchronizing Windows
and directory services....................233
verification methods.............................218
patching Hummingbird products ...............284
PATH .............................................................53
pcnfsd daemon...................... 70, 134, 164, 227
not running on host error ....................269
vs. hclnfsd .............................................253
perftest command ............................................6
permission denied error...............................270
permissions
defined ....................................................82
Access Control Entry (ACE) ................165
Access Control List (ACL) ...................165
changing through the Windows shell ..133
personal installations, overview.....................19
personal user directory...................... 27, 28, 32
automatic update....................................29
manual update........................................29
PerUser Migration.ini
[Directory Mappings.x.yz] section ........ 31
[Migration Control Options] section.... 31
controlling migration............................. 31
PerUser Settings.ini
[PerUser Installation
Parameters] section ........................ 30
[Registry Files] section........................... 28
associating a .humreg file....................... 28
customizing files, folders........................ 28
update personal user directory .............. 29
Ping...................................................... 193, 284
port number ................................................ 121
portmapper daemon...................................... 70
preparing to connect ..................................... 97
primary and secondary mappings............... 162
Print Services ............................................... 287
printers
caching share information................... 264
connecting to........................................ 114
printing
files ....................................................... 113
LPR/LPD versus NFS........................... 114
Privacy service type (RPCSEC_GSS) ............ 80
Process Pre-op Attributes
(default setting) ............................ 132
Product Migration dialog box....................... 31
product overview............................................. 3
product version number.............................. 271
Profile Publishing Wizard ........................... 284
Profile Space Creation Wizard...................... 57
Profile Space Editor ..................................... 285
Profile Spaces
configuring with Sconfig........................ 57
File System.............................................. 57
LDAP...................................................... 57
program maintenance ................................... 16
modifying install state ............................ 16
removing ................................................ 17
repairing ................................................. 17
305
Index
properties..................................................... 119
authentication ...................................... 134
file access ...................................... 123125
miscellaneous ....................................... 130
network ........................................ 120123
properties, setting with Sconfig........ 35, 45, 46
adding..................................................... 45
removing ................................................ 46
Proxy Server Console .................................. 286
Q
query order
LDAP.................................................... 208
NIS................................................ 200, 201
NIS+..................................................... 204
random................................................. 204
querying directory services .......................... 221
Quick Script Editor...................................... 284
quota command .............................................. 6
R
read error ..................................................... 270
Read permission ............................................ 82
read size for packets..................................... 121
read/write error............................................ 270
read/write settings........................................ 121
record locking................................................ 72
registered NFS name.............................. 90, 110
removing .............................................. 110
registering the product .................................. 23
registry entries
adding and removing............................. 28
adding per-user ...................................... 28
registry keys, setting with Sconfig ........... 35, 47
removing ................................................ 49
remlocks command......................................... 6
remote configuration using MMC.............. 150
remote device error...................................... 269
remote host unavailable error ..................... 271
Remote Info application.................................. 4
Remote Procedure Call. See RPC.
Remote Quota application .............................. 4
Remote Tools............................................... 284
replica servers ...............................................192
required daemons, verifying ..........................97
requirements for installation .........................10
resource names
specifying as a directory service
query..............................................102
specifying directly .................................101
retrieving password and group files.....165166
directory service....................................166
Hummingbird Directory Services........166
NIS/NIS+..............................................166
UNIX host ............................................165
retrieving UNIX credentials.........................161
root user .........................................................82
changing resource ownership...................5
privileges .................................................83
root access...................................... 82, 271
running hclnfsd ....................................256
RPC ................................................................69
header .............................................. 69, 78
information.............................................99
information, viewing ..............................97
.rpc file for client.....................................99
.rpc file............................................................99
rpc.bind..........................................................70
rpcinfo command ............................................6
RPCSEC_GSS
definition ................................................79
authentication repository .......................81
configuring ...........................................135
credentials...............................................80
export options.......................................273
service types ................................... 80, 136
supported GSS providers........................79
S
SASL. See Simple Authentication and Security
Layer protocol.
saving
.mst files ..................................................61
saving query results ......................................223
schema extension, name mapping...... 238, 239
306
NFS Maestro Client Users Guide
schemas
name mapping......................................239
Sconfig................................................... 33, 285
SEAM. See Sun Enterprise Authentication
Mechanism.
Secure RPC.....................................................70
authentication.......................................191
password...............................................205
Secure Socket Layer (SSL)............................211
servers
LDAP ....................................................192
master ...................................................192
replica....................................................192
slave.......................................................192
servers file.....................................................258
Setup Wizard
advertisement mode ...............................21
installation modes, overview....................9
Share Editor
editing Configured NFS Hosts ...............87
shares
managing ..............................................139
permissions for .......................................82
shortcuts, setting with Sconfig.......... 35, 49, 50
silent installation............................................19
Simple Authentication and Security Layer
protocol .........................................217
requirements.........................................217
using GSSAPI .......................................217
slave servers ..................................................192
SMS, Microsoft System
Management Server ........................21
snap-ins ........................................................147
soft link...........................................................73
soft mounts ..................................................121
sorting query results.....................................223
space error ....................................................268
specifying
NFSv4 domain......................................247
SSL. See Secure Socket Layer
SSPI................................................................ 79
Substitution Indicator (default setting) ...... 131
Sun Enterprise Authentication
Mechanism................................... 272
symbolic links ................................................ 73
symlink .......................................................... 73
T
TCP. See Transmission Control Protocol.
Technical Support ....................................... 293
temp directory error .................................... 269
Timeout (default settings)........................... 130
timeout error ............................................... 269
TN3270 emulation ...................................... 286
TN5250 emulation ...................................... 286
Traceroute.................................................... 284
transferring hclnfsd ..................................... 253
transform files. See MST files.
Transmission Control Protocol (TCP)....... 120
Transport Layer Security protocol (TLS).... 211
troubleshooting
AUTH_DES ......................................... 274
check list ............................................... 263
general authentication issues ............... 272
installation............................................ 276
list of error messages ............................ 267
printer shares........................................ 264
weak authentication............................. 273
Tuner wizard ............................................... 143
tuning connections...................................... 143
U
UDP. See User Datagram Protocol.
UID.......................................................... 77, 78
unavailable host ........................................... 271
unicode ........................................................ 125
Uniform Naming Convention (UNC)........ 101
uninstalling
controlling per-user ............................... 32
307
Index
UNIX
/etc files................................................. 192
client types.............................................. 83
credential files....................................... 161
GID............................................... 157, 161
hosts file.................................................. 94
lock managers....................................... 124
login process........................................... 78
make commands .................................. 254
Shadow Password database.................. 256
UID............................................... 157, 161
UNIX-style permissions......................... 82
UNIX Hidden Chars (default setting) ........ 131
UNIX-style permissions .............................. 123
setting ................................................... 133
unmapped names
in NFS................................................... 177
in Windows .......................................... 176
updating
the product ........................................... 284
User Datagram Protocol (UDP) ................. 120
user directory, installation............................. 11
user files
per-machine and per-user ..................... 12
$user format................................................. 103
user name, registering ................................. 109
User permissions (UNIX) ............................. 83
user settings
migrating with Sconfig........................... 55
UTF-8 character encoding .......................... 125
V
verifying passwords ......................................218
version number ............................................271
versions, NFS....................................................3
viewing directory service objects..................224
volume labels for CD-ROM applications....125
VT.................................................................286
W
weak authentication............................ 272, 273
Web NFS protocol .......................................123
Windows Explorer
connecting using...................................111
disconnecting with ...............................112
Windows Installer
overview....................................................9
Windows Installer Database file. See MSI files.
Windows shell
changing permissions through.............133
creating and editing containers in..........92
write error.....................................................270
Write permission ...........................................82
write size for packets ....................................121
WyseTerm....................................................287
Y
ypwhich command ......................................193
Notes