HELIOS EtherShare 2.6 User manual


13 The Administration Server
13.1 General remarks
This chapter describes the function and configuration of the Administration Server. In conjunction with the EtherShare Admin application, the Administration Server allows the EtherShare system to be configured from any Macintosh workstation in the network in a secure and convenient way.
13.2 The Administration Server Program
The EtherShare Administration Server system consists of the program "admsrv". It is created automatically in the "$ESDIR" directory during installation. EtherShare is configured to start "admsrv" automatically when UNIX is booted.
admsrv
"admsrv" implements administration server functions on the host and manages the communication with the EtherShare Admin program on Macintosh workstations. Each new login request from the EtherShare Admin results in a new "admsrv" process being created. Accordingly, when a number of users use the EtherShare Admin application at the same time, a number of "admsrv" processes run simultaneously.
13.3 Parameters of the "admsrv" program
When it starts, the Administration Server program "admsrv" first accesses the main configuration file "atalk.conf" to determine its configuration. The "install" program automatically sets up this file with initial values. The values can be changed if necessary by using an editor such as vi. See also chapter 5.14 "Editing "atalk.conf" (and other configuration files) manually".
The parameters described below can be defined for "admsrv" in "atalk.conf" (note that the parameter list is preceded by the program name "admsrv"):
name
name=netname,name=netname2,name=netname3
netname is the AppleTalk (NVE) name of the Administration Server. This is the name with which it is known to the network. It is the name you see in the Chooser of the EtherShare Admin program. Several names in a row, separated by a comma, are optional.
The default for netname is the name of the UNIX host.

Note: The AppleTalk type of the Administration Server is not configurable. The type is always AdminServer.

zone
zone=zonename,zone=zonename2,zone=zonename3
zonename is the name of the AppleTalk zone to which the administration server should be allocated. This parameter determines the zone in which the Administration Server can be found in the Chooser of the EtherShare Admin program. The chosen zone must be one of the local zones that the host is connected to. You can test this with the "zones -l" program.
The default for zonename is "*", i.e. the zone of the first interface entry in "atalk.conf". Several names in a row, separated by a comma, are optional, e.g.:
admsrv: zone="marketing", zone="support",
zone="developer"

sessions
sessions=maxclients
maxclients specifies the maximum number of workstations (clients) that are permitted to work on the Administration Server simultaneously. This value can be the same as the total number of workstations that are connected to the AppleTalk network, but is usually smaller than that.
The default for maxclients is 4.
yppasswd
yppasswd=file
file specifies the name and path of the file in which the user data for the "Yellow Pages" system are stored (see later).
There is no default for file.
ypgroup
ypgroup=file
file specifies the name and path of the file in which the group data for the "Yellow Pages" system are stored (see later).
There is no default for file.
ypafppasswd
ypafppasswd=file
file specifies the name and path of an optional AFP user list for use with the "Yellow Pages" system.
There is no default for file.
savepasswd
[no]savepasswd
As a time-saving feature when logging on, the AppleShare selection in the Chooser on the Macintosh lets you save your File Server user name and/or user password on the Macintosh's local hard disk.
To improve security, specify the nosavepasswd switch to disable the saving of user passwords in this way, in which case all users have to enter their password manually each time they log on to the EtherShare Admin. Note: you can still change your File Server password in the Chooser in the normal way (with Change Password).
The default (if this switch is omitted) is savepasswd.

Note: The [no]savepasswd setting only works for Mac OS Version 7.0 and above.

fontdir
fontdir=file
file is the path of the host directory which contains the server font list "FontDirectory". The fonts themselves are contained in sub-directories of file, arranged alphabetically.
The default for file is "$ESDIR/psfonts".
fontdir is also available as a global printer parameter. You should make sure that you do not specify different font directories for the Administration Server and the Print Server.
unprotected
[un]protected
If set to protected, this switch protects (locks) all configuration data; only the maintenance of spool queues remains possible.
The default for this switch is unprotected.
sysadmgroup
sysadmgroup=groupname
The EtherShare Admin allows users with sufficient permissions to configure the EtherShare system from any Macintosh workstation on the AppleTalk network in a convenient and secure way. For example, it can be used to set up users, groups, volumes, and printers, and re-schedule print jobs. Normally, only the system administrator is allowed to make any changes. Non-privileged users can inspect the configuration and the print job queue, but cannot change anything except delete their own print jobs.
Members of the special "system administrators" group can also use the EtherShare Admin to make any changes they like, including printer configuration, and sending AFP messages with Lists/Active Users/Message/Message To All... to all AppleShare users logged-on to the EtherShare server. However, these group members are not allowed to modify any information on users with an ID less than 100 (note: the system administrator has a user ID of 0). The groupname parameter specifies the name of the special "system administrators" group.
The default for groupname is "SysAdm".
prnadmgroup
prnadmgroup=groupname
Members of the special "printer administrators" group can use the EtherShare Admin to manipulate print jobs from a Macintosh workstation, i.e. they are allowed to:
The groupname parameter specifies the name of the special "printer administrators" group.
The default for groupname is "PrnAdm".
queueadmgroup
queueadmgroup=groupname
Members of the special "queue administrators" group can use the EtherShare Admin to manipulate print jobs and queue configurations from a Macintosh workstation. Thus, they have even more privileges than members of the "printer administrators" group that is described above. Queue administrators are allowed to:
The groupname parameter specifies the name of the special "queue administrators" group.
The default for groupname is "QueueAdm".

Note: The default values "SysAdm", "PrnAdm", and "QueueAdm" are created automatically during installation.

daemonuid
daemonuid=idnumber
When creating printers with the EtherShare Admin, the user of the printer daemon is set in "/etc/printcap" by default to ID 0 ("root") with the flag "du#0". This simplifies permission considerations when printing, especially if the print job contains external references to OPI images or "%%Include..." comments. This feature is associated with a slight security risk. Specify daemonuid to instruct the EtherShare Admin to set the user of the printer daemon to the ID of another user, for example to ID 1 (user "daemon"). An alternative option for the system administrator is to change the "du" flag value for all printer entries in "/etc/printcap" manually.
The default for idnumber is 0 (the ID of "root").
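The following shell helpers are an added example, not part of the HELIOS manual or product. They list the printers whose "/etc/printcap" entry still carries "du#0" and report which switches the "admsrv" entry in "atalk.conf" sets. Assumptions: printcap entries are continued with a trailing backslash, an "atalk.conf" entry runs from its "program:" line to the next such line, and the sample data (including the entry name "othersrv") is constructed.

```sh
# Added example. The two sample files are constructed, not taken from a real host.
sample_printcap() {
cat <<'EOF'
lw|LaserWriter:\
    :sd=/usr/spool/lw:\
    :du#0:
proof:\
    :du#1:
EOF
}
sample_atalk_conf() {
cat <<'EOF'
admsrv: name="AdminServer", sessions=8,
daemonuid=1, nosavepasswd
othersrv: sessions=2, protected
EOF
}

# Read printcap on stdin; print the first name of each entry that has du#0.
printers_running_as_root() {
    awk '
        function report(e,   n, f, i, names) {
            n = split(e, f, ":")
            for (i = 2; i <= n; i++) {
                gsub(/[ \t]/, "", f[i])
                if (f[i] == "du#0") { split(f[1], names, "|"); print names[1]; return }
            }
        }
        /^[ \t]*#/ { next }                     # comment line
        { entry = entry $0 }
        /\\$/ { sub(/\\$/, "", entry); next }   # trailing backslash: entry continues
        { report(entry); entry = "" }
        END { report(entry) }
    '
}

# Read atalk.conf on stdin; print the admsrv parameters, one per line.
# Assumption: an entry runs from its "program:" line to the next such line.
admsrv_params() {
    awk '
        /^[ \t]*#/ { next }
        /^[A-Za-z0-9_-]+:/ { inside = ($0 ~ /^admsrv:/); sub(/^[^:]*:/, "") }
        inside { n = split($0, p, ",")
            for (i = 1; i <= n; i++) { gsub(/^[ \t]+|[ \t]+$/, "", p[i]); if (p[i] != "") print p[i] }
        }
    '
}
# Succeed if the admsrv entry carries exactly the parameter "$1".
admsrv_has() { admsrv_params | grep -qxF -- "$1"; }
```

On a host, run `printers_running_as_root < /etc/printcap` and `admsrv_has nosavepasswd < atalk.conf`; a printer name in the first output means that queue's daemon still runs as "root".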
13.4 Administration Server utility program
Restarting the Admin Server
If you are unlucky enough to experience a system crash, the following temporary files are occasionally left over by the "admsrv" program: "ptmp", "gtmp", "atmp" and "vtmp" in the directories "/etc" or "$ESDIR/conf".
They must be deleted before restarting "admsrv" to ensure proper functioning of this program. This is done automatically by the "start-atalk" script.
13.5 Configuration with Yellow Pages
The Administration Server has been designed to support the UNIX yellow pages (NIS) system, which, in a network of several UNIX hosts, allows user names, group names, and passwords as well as other configuration details to be stored centrally on the so-called "Yellow Pages Master" host. This considerably simplifies setting up new users, particularly if they each need access to more than one host. Please note that the user configuration data maintained under Yellow Pages is only stored on the Master host. You can only change it with the EtherShare Admin by logging on to the Administration Server on the Master host, and not one of the Slaves.
Furthermore, the special Yellow Pages password and group files (e.g. "/var/yp/passwd" and "/var/yp/group") are usually stored on the Master host in a subdirectory of "/etc". For this reason, and assuming that you also have EtherShare installed on the Master host, the configuration entry for the Administration Server in "atalk.conf" allows you to specify the name and location of the Yellow Pages password and group files with the parameters yppasswd and ypgroup, respectively. These parameters only need specifying on the Master host.
If you have not installed EtherShare on the Yellow Pages Master host, you can edit the Yellow Pages password and group files to set up Slave users by using the standard UNIX Yellow Pages tools in the normal way. We would like to point out, however, that the EtherShare Admin is much easier to use for setting up Yellow Pages users and groups than the standard UNIX tools. You can use the EtherShare Admin to set up both EtherShare users and regular UNIX users.
The optional AFP user list ("$ESDIR/conf/afppasswd") can also be used with the Yellow Pages system by setting up a second "afppasswd" file on the Master host (e.g. "/var/yp/afppasswd") containing the names of all users of the Master and its interconnected Slaves. You must specify its name and path in the Master's Administration Server parameter ypafppasswd. The Master host's "$ESDIR/conf/afppasswd" file should only contain the "root" and system logins, terminated by "+:" in the last line.
The installation includes in the directory "$ESDIR/etc" the script "ypMakefile", which contains the necessary changes required to implement the AFP user list under Yellow Pages. It must be copied as "Makefile" to "/var/yp".
Since, in the Yellow Pages system, the password and group files are often stored in "/var/yp" rather than in "/etc", a typical configuration for the Administration Server on the Master host is as follows:
admsrv: name="AdminServer", sessions=8,
yppasswd=/var/yp/passwd,
ypgroup=/var/yp/group,
ypafppasswd=/var/yp/afppasswd
The "$ESDIR/conf/afppasswd" file of each host in the Yellow Pages system (Master and Slaves) must include a line containing only "+:" at the position where the Yellow Pages user and group map should be included. This usually follows entries for the "root" and the system logins only, to make sure that it is still possible to log on to the host in the case of a failure of the network connection to the Master:
root:8c9373c57a229c7a
+:
When the Yellow Pages system is being used, the Administration Server automatically calls the program "$ESDIR/etc/yp-update" whenever user or group data are changed, in order to update the Yellow Pages files. The network connection results in a slight additional time delay when making such changes.
If you install your yellow pages using different directories to the ones listed above under "admsrv:", you will also need to modify the "$ESDIR/etc/yp-update" script accordingly.

© 2002 HELIOS Software GmbH