Understanding Domains and Trusts
Author: Emmett Dulaney
Vijay Sankar
Sharon E. Sankar
Published: June 1999
Copyright: 1999
Publisher: 29th Street Press
 


INTEGRATING DISTRIBUTED NT AND UNIX NETWORKS

You have a number of options for integrating NT and Unix. They range from using open standards and protocols (such as FTP, HTTP, and NFS) for accessing resources to full-fledged integrated solutions. Typical areas of concern include
  • Systems management — You may want one management interface for multiple systems. In addition, you may want users to have one user name and password across both Unix and NT systems, and you may be looking for a single logon solution across multiple platforms.
  • Applications and object services — With the emergence of component models like JavaBeans and COM, the path for integrating application services across Unix and NT is a bit clearer. JavaBeans is developed specifically for Java, and the underlying platform independence is available across almost all platforms, including NT. COM is now available for Unix environments.
  • Applications deployment — You may want to deploy an application like SecurID or Firewall-1 across both Unix and NT systems. Or you may want to develop on your preferred platform, whether it is NT or Unix, and then deploy the application across both systems. (Integration issues related to software development are beyond the scope of this book. There are a number of white papers available on the Microsoft TechNet CD. In addition, you may want to check http://www.microsoft.com/ntserver/info/unixinterop.htm.)
In the following sections, we describe a few of the potential approaches to integrating NT and Unix networks. Chapter 11 gives you a detailed look at practical ways of integrating NT and Unix.

Advanced Services for Unix
AT&T’s Advanced Services for Unix has been implemented by Sun Microsystems through their Project Cascade. Advanced Services for Unix is essentially Microsoft LAN Manager for Unix upgraded to support domains and trust relationships. This product
  • Allows Solaris 2.6 servers to be used as NT PDCs or BDCs and also as NT file and print servers
  • Provides single logon capabilities for NT users with NT security and authentication methods
  • Supports NT tools such as Server Manager and User Manager
  • Supports protocols such as SMB and CIFS and APIs such as NetBIOS
Advanced Services for Unix is primarily of interest to you if your organization has already deployed Solaris 2.6 and you want to minimize the number of NT servers in the network. If you are using NT servers and domains mostly to provide file and print services and already have a set of Solaris servers, it may be worthwhile looking at Cascade.

Services for Unix
If you are using both Unix and NT servers for application services, you may need to synchronize user account passwords between these two systems and make services common on Unix platforms — NFS, shell scripting, management through Telnet sessions — accessible on NT as well. Microsoft’s Services for Unix could give you these capabilities. Installing Services for Unix on an NT Server lets you
  • Synchronize passwords between Unix and NT
  • Use NT as an NFS server
  • Share various mount points to NFS clients
  • Run most of the common commands and scripts used in the Unix environment to provide equivalent results
  • Access the NT Server from a Telnet client

Telnet Server
You can install Telnet Server — either the one that comes with the NT Resource Kit, or the one that is part of Microsoft’s Services for Unix. Third-party Telnet daemons, such as InterAccess TelnetD Server from Pragma Systems and Slnet from Seattle Labs, are also available and provide additional features.

The installation process for the Telnet Server that comes with the NT Resource Kit is quite straightforward and is described clearly in the NT Resource Kit documentation. Once you’ve completed the installation and rebooted the system, the RSMLOGIN.CMD file is the default global login script and has the following relevant commands:

cd %HOMEDRIVE%%HOMEPATH% /d
if exist %HOMEPATH%\RSMLOGIN.CMD call %HOMEPATH%\RSMLOGIN.CMD


Special Note: If you are somewhat new to Windows, you may want to notice the /d flag in the cd command. The /d flag allows you to change the drive as well as the directory. The %HOMEDRIVE% and %HOMEPATH% are the drive and directory path. Another interesting point to note is that NT supports file names with embedded spaces without any problems. So for example, you can type

CD e:\Program Files /d

to change the drive and directory path to E:\Program Files from a different drive and directory.

Even though the MS-DOS command language in NT is not as rich as the various shells in Unix environments, once the command extensions are enabled, the old batch command language does have some real power. Command extensions are enabled and set in NT by the following Registry entry:

Key: HKEY_CURRENT_USER\Software\Microsoft\Command Processor
Value: EnableExtensions
Type: REG_DWORD
Setting: 1

You can enable and disable command extensions using cmd /x and cmd /y respectively. With command extensions enabled, you can run scripts with FOR loops, conditional processing with IF, etc. You can, of course, get a complete list of the commands that can be run on the Telnet session by typing in Help after you are logged in through the Telnet session. Figure 4.16 shows a Telnet session from a Unix computer (corba1.foretell.ca) to an NT server (server1.foretell.ca).

You can run any of the commands as if you were at the MS-DOS command prompt. For example, you can check the services that are running on an NT computer and start or stop any of them from a Telnet client running on a Unix computer. You can also run commands such as chkdsk and tree.

Using Telnet Server helps when you have a few NT servers in a predominantly Unix environment. You don’t have to install any software on the Unix computer. Unfortunately, because you are using Telnet, your system is subject to all the security vulnerabilities associated with Telnet (for example, user names and passwords are sent in the clear, and anyone with a protocol analyzer on your network can capture these passwords).

Remote Shell Service
Instead of using Telnet, you could consider using the Remote Shell Service so that commands like rsh can be used from other operating systems. The Remote Shell Service is included only with the NT Resource Kit, but the rsh client is installed along with NT. It is a useful tool when you want to perform a series of tasks on a number of NT servers without having to log on to each one individually.

Follow these suggestions to make the r* commands work:
  1. Install the Remote Shell Service on the NT computer(s) that you want to administer remotely. Copy rshsetup.exe, rshsvc.exe, and rshsvc.dll from the NT Resource Kit to the SYSTEM32 folder (typically at C:\WINNT\SYSTEM32). Change current directory to the SYSTEM32 folder, then execute the rshsetup.exe file as follows:

    C:\winnt\system32>rshsetup %systemroot%\system32\rshsvc.exe %systemroot%\system32\rshsvc.dll

    Upon successful installation, you will get a message similar to the following:

    RshSvc created with path C:\winnt\system32\rshsvc.exe


  2. Start or stop the Remote Shell Service using NET START rshsvc and NET STOP rshsvc respectively.
  3. NT requires that the .rhosts file be placed in the %Systemroot%\System32\Drivers\Etc folder. It should contain the names of computers and users who can use rsh from their own systems. In the following example, we use rsh from a Unix computer (corba1.foretell.ca), and the Remote Shell Service is running on an NT server (server1.foretell.ca). Within the .rhosts file, the syntax to allow user accounts vsankar and ssankar from computers corba1.foretell.ca and corba2.foretell.ca is

    corba1 vsankar ssankar [press Enter]
    corba2 vsankar ssankar [press Enter]


    Make sure that you press Enter after each line. A carriage return/line feed (CR LF) pair is required after each entry.
  4. You can now execute commands such as rsh server1.foretell.ca "net start someservicename" from the Unix computer to start services. You can also run batch files as well as a variety of other commands and utilities.
Caution: We have encountered a number of problems with the Remote Shell Service over the past two years, so we can’t recommend using it with any degree of confidence. Along with the standard security issues associated with using r* commands, the Remote Shell Service also seems to not check the user name when allowing access. As a result, any user can run commands on the server. Also, the TechNet CD articles refer to problems with memory leaks, and the only solution is to stop and restart the service periodically.
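
The .rhosts rules from step 3 can be checked mechanically before the service is started. The following Python check is an added example, not code from the book or the NT Resource Kit; the function names and the sample file contents (including the hosts corba3 and corba4) are constructed for illustration, and it assumes blank lines carry no entry.

```python
"""Audit an NT Remote Shell Service .rhosts file against the rules in step 3."""

def audit_rhosts(raw: bytes):
    """Return (entries, problems).

    entries  - (host, [users]) for lines that meet both rules from the text:
               a host followed by user names, terminated by CR LF.
    problems - (line_number, message) for every line that does not.
    """
    entries, problems = [], []
    # keepends=True preserves each terminator so a bare LF (typical of a file
    # edited on the Unix side) or a missing final terminator stays visible.
    for num, line in enumerate(raw.splitlines(keepends=True), start=1):
        fields = line.decode("ascii", errors="replace").split()
        if not fields:
            continue  # assumption: blank lines carry no entry
        host, users = fields[0], fields[1:]
        ok = True
        if not line.endswith(b"\r\n"):
            problems.append((num, f"{host}: entry not terminated by CR LF"))
            ok = False
        if not users:
            problems.append((num, f"{host}: no user names listed"))
            ok = False
        if ok:
            entries.append((host, users))
    return entries, problems


def trusted_hosts(entries):
    """Hosts granted rsh access. Given the caution that the service may not
    check the user name, review this list as the effective trust boundary."""
    return sorted({host for host, _ in entries})


# Constructed sample: line 2 ends in a bare LF, line 3 has no users,
# line 4 has no terminator at all.
SAMPLE = (b"corba1 vsankar ssankar\r\n"
          b"corba2 vsankar ssankar\n"
          b"corba3\r\n"
          b"corba4 vsankar")

if __name__ == "__main__":
    entries, problems = audit_rhosts(SAMPLE)
    for host, users in entries:
        print(f"allowed: {host} -> {', '.join(users)}")
    for num, msg in problems:
        print(f"line {num}: {msg}")
    print("hosts to review:", trusted_hosts(entries))
```

Read the file in binary mode when feeding it to audit_rhosts, since text mode would normalize the line endings the check is looking for.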

Web Administration for NT
Web Administration for NT (WebAdmin) allows NT 4.0 servers to be administered from any browser that supports Basic or NT authentication. It lets you manage user accounts, configure remote access permissions, manage shares and printers, control sessions, and manage a server computer. It is designed for limited administration tasks and requires IIS 4.0 on the NT system. As a result, it may not be applicable on all your application servers. A number of new initiatives are under way, especially with Windows 2000 — including Directory Services Administration and Web-Based Enterprise Management. A good source of information about these new initiatives is http://www.microsoft.com/management.

Because you will be using IIS, you may want to make sure that authentication is handled using NT Challenge Response or through Certificates (SSL 3.0). At sites that are not too worried about security, you can use WebAdmin without any additional configuration.

Third-Party Tools
Finally, even though the typical administrator wants to accomplish remote administration without any third-party tools, there may be some merit in exploring those. There are tools, such as Network Shell from http://www.shpink.com, that run on both Unix and NT platforms and can be used to manage both types of systems simultaneously through shell scripts. It doesn’t require the use of the r* commands or individual Telnet sessions.


