1. Internetworking with Windows 95, 98, and Me
Internetworking between Windows 7 and Windows 95, 98, or Me requires some additional setup work.
First, Windows computers have difficulty “seeing”
each other if you don’t have the exact same set of networking protocols
installed on every computer on the network. You need to ensure that
every Windows 95, 98, and Me computer has the TCP/IP protocol installed,
and you also must uninstall the NetBEUI and IPX/SPX protocols from
them.
Second, the default password security settings
used when Windows 7 is installed make Windows 7 harder for a network
hacker (or hardware hacker) to break your Windows 7 passwords. Unless
you turn off Password Protected Sharing, you need to change one of
Windows 7’s security settings. This significantly increases the risk
that someone could break into your computer.
If you really must use Windows 95, 98, or Me on
your network, you most likely need to change the protocol settings on
the older computers, using the following steps. You might be asked to
insert your Windows installation CD, unless your computer manufacturer
copied its entire contents to your hard drive.
1. | On your Windows 9x or Me computer, click Start, Control Panel, and then open the Network icon.
|
2. | In
the components list, select entries whose names start with “NetBEUI” or
“IPX/SPX Compatible Protocol,” and click Remove. Repeat for any
additional entries.
|
3. | Make
sure that Client for Microsoft Networks appears in the list. If it does
not, click Add, Client, and select Client for Microsoft Networks. Click
OK as necessary to return to the Network control panel dialog box.
|
4. | If your Windows 9x/Me
computer is a member of a corporate domain network, view the Access
Control tab and select User-Level Access Control. Enter the name of a
domain controller computer. (Your network administrator will help with
this.)
On home or small-office networks, view the Access Control tab and make sure that Share-Level Access Control is selected.
|
5. | Click
OK to close the dialog boxes. You might be prompted to insert your
Windows installation CD if you had to add the Client for Microsoft
Networks in step 3.
|
6. | Let Windows restart.
|
If you need to share printers or folders from your Windows 9x or Me computers for use by computers running Windows 2000, XP, Vista, or 7, do not set a password for the shared folder. These newer versions of Windows cannot supply a password in the way that Windows 9x
or Me expects. The only security option you have is whether to select
Read-Only or Full on the Sharing tab of the folders you select to share.
“Full” lets other network users add to, change, or delete files in the
shared folder.
You should not expect to be able to access
folders or printers shared by computers running Windows 7 from computers
running Windows 9x or Me, unless you’ve turned Password Protected Sharing off and use the username Guest. (Windows 9x/Me
cannot provide valid username and password information to Windows 7
unless you make unacceptably risky changes to Windows 7’s password
database.)
2. Internetworking with UNIX and Linux
The UNIX operating system, originally developed
in the 1970s at AT&T’s Bell Laboratories as a platform for internal
software development and as a “workbench” for programmers, is still
evolving and growing. Most of the Internet software you’re familiar with
today was originally developed on UNIX systems, in fact. The Open
Source phenomenon (which is by no means new but is certainly resurgent)
has also produced no-cost UNIX clones such as NetBSD and Linux. Perhaps
hundreds of millions of people use these UNIX-type OSs every day,
sometimes without even knowing it. For example, the Apple Mac and iPhone
OSs are based on NetBSD, and Linux can be found in home computers,
network routers, TiVo digital video recorders, engineering workstations,
Internet servers, cell phones, IBM mainframes, laptops for children in
the developing world, and space probes.
This section looks at ways to network Windows 7
with UNIX-type OSs. Although many of the examples involve Linux, most of
the examples can be translated to almost any UNIX-type OS. And because
typing “UNIX-type” is already getting tiresome, from here on, I
sometimes write just “UNIX,” but I always mean “UNIX and/or Linux and/or
Mac OS X.”
Samba
Samba is an open source (free) software suite
available on most UNIX-like OSs. The Samba server program makes it
possible for UNIX computers to share folders and printers that Windows
users can access, and the Samba client tools let UNIX users access
folders and printers shared by Windows computers. Samba is included with
Apple’s OS X, which is how Macs get their Windows file sharing
capability. The names of the Samba programs start with the letters smb, which stands for Server Message Block. This is the name of the network protocol on which Windows file sharing is based.
Samba Client Tools
To access file services on a Windows server from
UNIX, you must know exactly what resources are available from a given
host on the network. Samba includes a command-line program called smbclient for just that purpose. This application enables you to list available Windows shares and printers from within UNIX. For example, the command smbclient -L //lombok lists all the folders and printers shared by the computer named lombok.
When you know the name of the desired shared folder, the smbmount command enables you to mount the Windows share on the local (UNIX) file system. The command
smbmount //lombok/shareddocs /mnt/winshare -U brian
mounts the SharedDocs folder shared by computer lombok to the local directory /mnt/winshare. The -U switch tells smbclient what username to use when trying to mount the share. You are prompted for a password.
Samba Server Tools
Samba also includes tools and servers to make
your UNIX system look just like a Windows-based network server; this
capability lets your Windows computers use files and printers shared by
UNIX systems.
The parameters for configuring Samba in a server capacity are contained in the file /etc/smb.conf
on the UNIX host. The default file included with Samba has comments for
every parameter to explain each one.
Some OSs, such as the Mac OS X, include a GUI tool to configure Samba file sharing. These tools make the job a lot easier.
If
you have to set up file sharing by hand, read the documentation and
FAQs for your Samba version before starting the setup procedure. A good
place to start is http://en.tldp.org/HOWTO/SMB-HOWTO.html.
Configure Samba for user-specific passwords with the security
option. You need to set up UNIX user accounts for each of your Windows
users. Alternatively, you can set up a single UNIX account that all
Windows user will share; Windows users need to supply the selected
username and password when they use UNIX shares.
Either way, set encrypt passwords = yes in smb.conf. You also need to set up a user and password file for Samba’s use, which is usually specified with the smb.conf entry smb passwd file = /etc/smbpasswd. Your Samba documentation explains how to do this.
Alternatively,
you can use share-level security without a password. This makes Samba
behave similar to Windows 7 with Password Protected Sharing turned off.
However, in this case, you must
take care to prevent SMB access to your UNIX computer from the
Internet. To be precise, you must be sure that TCP port 445 is blocked.
When you have finished editing the smb.conf file, you can test to see that the syntax is correct by using the Samba program testparm. testparm checks smb.conf for internal “correctness” before you actually use it in a production environment.
Printing to UNIX Queues from Windows
You can configure Samba to offer standard
Windows shared printer service. As an alternative, Windows 7 has
built-in support to send output to UNIX-based printers using the Line
Printer Remote (LPR) protocol. You can install a standard Windows
printer whose output is directed to a UNIX system and can use this
printer just as you would any local or networked Windows printer.
Printing to Windows Printers from UNIX
You can install software on Windows 7 to let
UNIX users print to any local printers shared by your computer. This is
the receiving end of the LPR protocol, and it’s called Line Printer
Daemon (LPD) Print Service.
To install this service, log on as a Computer Administrator and follow these steps:
1. | Click Start, Control Panel, Programs, Turn Windows Features On or Off.
|
2. | Scroll through the list of features and open Print and Document Services.
|
3. | Check LPD Print Service, and then click OK.
|
| If you send plain-text files from UNIX machines to Windows printers using lpr
and Print Services for UNIX and find that carriage returns and line
feeds are mangled (for example, line feeds are inserted where just
carriage returns were present in text that should have been
overprinted), you need to disable the translation of both newlines and
carriage returns, or just carriage returns, by adding a value to the
Registry. Use the Registry editor called Regedit to find the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\printername\PrinterDriverData, where printername is the name of the shared printer the UNIX user is using. Then, Select the key PrinterDriverData and choose Edit, New, DWORD Value. Enter the name Winprint_TextNoTranslation, and set the value to 1. To prevent the server from replacing CR with CR+LF but still have it replace LF with CR+LF, add the DWORD value Winprint_TextNoCRTranslation with the value 1. After
making either of these additions, go to Computer Management, view
Services, right-click TCP/IP Print Server, and select Restart.
Some
Windows printer drivers do not correctly implement overprinted lines.
You might find that thes lines are now correctly stacked on top of each
other, but only the text from the topmost line is visible. You might
need to use the binary mode flag (-o l) in your lpr command and add a form feed to the end of your file. If you later decide to undo the Registry change, you can remove the value item or set its value to 0 and then restart the service. |
|
Services for NFS
Windows
7 Ultimate and Enterprise editions come with client support for the
network file system (NFS) file sharingsystem used on many UNIX systems.
By “client support,” I mean that Windows 7 Ultimate and Enterprise
editions can use files and folders shared by NFS file servers, but they
cannot share files to the network using NFS. It’s an optional component
and is not installed by default.
To install client support for NFS file resources, follow these steps:
1. | Log on as a Computer Administrator.
|
2. | Install
Services for NFS by clicking Start, Control Panel, Programs, Turn
Windows Features On or Off. Expand the Services for NFS entry and check
both Administrative Tools and Client for NFS. Click OK to complete the
installation.
|
3. | Click Start, Control Panel, System and Security, Administrative Tools.
|
4. | In the tool list, double-click Services for Network File System (NFS).
|
This displays the Services for Network File
System management tool. The tool is not put together in the usual way.
The right pane contains only help information. It’s useful, though;
click on any of the links to display the Windows Help pages for NFS. The
management functions are found in the left pane.
To configure the client, follow these steps:
1. | To
select the method that NFS should use to map Windows logon names to
UNIX logon names, right-click Services for NFS in the left pane and
select Properties. If your network provides UNIX name-mapping
information through Active Directory, check Active Directory and enter
the name of the Windows domain. If a User Name Mapping Service server
exists on the network, check Use Name Mapping and enter the hostname of
the mapping server. Either way, your network administrator should
provide you with this information.
If you select neither Active Directory nor User Name Mapping, the
NFS client will access shares anonymously. The NFS server might
restrict or reject anonymous access.
|
2. | To
select whether to use “hard” or “soft” mounts, right-click Client for
NFS in the left pane and select Properties. This setting determines how
many times the client service will attempt to reconnect to a server that
goes offline or becomes unreachable. Microsoft recommends using soft
mounts, although your network administrator might advise otherwise.
This Properties dialog box also lets you determine whether the
client uses TCP, UDP, or TCP and UDP for NFS access. You should be able
to use the default TCP/UDP setting.
|
3. | To
set the UNIX access mask that the client should use when creating new
files or folders in an NFS share, right-click Client for NFS in the left
pane, select Properties, and view the Permissions tab. Check the boxes
corresponding to the permissions that you want to grant on new files
that you might create. (This setting corresponds to the umask setting in a UNIX shell; the default Client settings correspond to a umask of 755.)
|
To start or stop the client service, right-click
Client for NFS and select Start Service or Stop Service. Normally, it
should start immediately on installation and whenever you start Windows.
Subsystem for UNIX-Based Applications
With Windows 7 Ultimate and Enterprise editions,
Microsoft offers a free set of tools called the Subsystem for
UNIX-based Applications (SUA). SUA provides almost all the utilities you
need to seamlessly glue together a network that includes Windows, UNIX,
and Linux computers and services.
Note
SUA is available only on Windows 7 Ultimate and Enterprise editions. It is not available on any other Windows 7 versions. |
The “Subsystem” part of the name is significant.
The Windows NT kernel on which Windows 7 is based was designed to allow
direct support of other OS models in addition to Windows. SUA is
actually a full-fledged UNIX OS environment that runs in parallel
to Windows, not “over” it. SUA runs UNIX executable files directly and
provides a mostly POSIX-compatible environment with complete
case-sensitive filenames, fork() and pthreads support, a single-root file system, and so on.
When the optional Software Development Kit (SDK)
component is downloaded and installed, a full UNIX toolkit is
available, containing over 300 standard UNIX programs. (About all that’s
missing is an X Window server.)
To install SUA on Windows 7 Ultimate or Enterprise, follow these steps:
1. | Click
Start, Control Panel, Programs, Turn Windows Features On or Off, and
check Subsystem for UNIX-Based Applications. Click OK to perform the
installation.
If you need to run only a few specific UNIX applications that you already possess, you can stop at this point.
If you want to install the full complement of UNIX utilities and
development tools and/or the X Window System environment, proceed to
step 2.
|
2. | Click
Start, All Programs, Subsystem for UNIX-Based Applications, and select
Download Utilities for Subsystem for UNIX-Based Applications. Download
and save the installation package to a temporary location.
|
3. | Right-click
the downloaded file and select Run As Administrator. If you want to
install the package on only one computer, take note of the temporary
file location displayed in the Unzip to Folder field, and then click
Unzip. This unzips the files to the temporary folder and automatically
runs the setup program. Then proceed to step 4.
If you want to install the package on several computers, follow these additional steps:
- a. Uncheck the option When Done Unzipping Open Setup.exe.
- b. Create a folder named SUA SDK Setup on a network-shared folder.
- c. Set the Unzip to Folder path to this new folder. Then click Unzip to unzip the setup files.
- d. To install the utilities and SDK programs on a given computer, locate and open the SUA SDK Setup folder. Right-click setup.exe and select Run As Administrator.
|
4. | Click
Next to start the installation wizard. Successive wizard pages ask you
to enter your name and organization, and approve the license agreement.
In the fourth page, you are asked whether to perform a standard or
custom installation. The standard installation installs the base SUA
utilities (a set of BSD UNIX programs) and base SDK components (mostly
standard include files, libraries, and build utilities).
If you select custom installation, you can additionally elect to
install the SVR-5 utilities (a set of programs deriving from UNIX
SVR-5), GNU compilers and utilities, the GNU SDK, Perl, and a Visual
Studio debugger add-in. To select a component, click the red X and
select Will Be Installed on Local Hard Drive.
In most cases, you probably want to select the custom installation and install all components.
|
5. | Click Next until you reach the Security Settings page. Here, you can enable setuid behavior and case sensitivity for filenames and system objects.
With setuid, you can mark a program so that when anyone
runs it, it runs with the security context of the program’s owner. In
Windows terms, it automatically uses “run as” whenever it’s run, and the
user doesn’t need to enter a password. Case sensitivity lets the
Windows file system treat upper- and lowercase letters as distinct; for
example, Note.txt and NOTE.TXT are considered to be
different filenames, and both can exist in the same folder. UNIX
applications treat them as different files. (However, Windows
applications do not and just open a file arbitrarily.)
Both setuid
and case sensitivity are the norm on UNIX systems. Some UNIX programs
require them, but they are foreign concepts to most Windows users, and
they have both positive and negative security implications. Microsoft
recommends disabling setuid unless you are sure that your UNIX
applications or daemons (services) require it. Case sensitivity is
usually required for correct operation of UNIX software-development
tools (makefiles).
For more information, open and read install.htm, which
was unzipped into the temporary folder or network shared folder in step
3. Also remember that you can change these settings after installation
by editing the Windows Registry and rebooting, as noted in install.htm.
|
6. | After the installer finishes, if you enabled case sensitivity or setuid, restart Windows. When Windows is back up again, log on as a Computer Administrator.
|
7. | Click
Start, All Programs, Subsystem for UNIX-Based Applications, Check for
Critical Updates. This takes you to a Microsoft web page that lets you
check for security updates to the utilities.
Although updates for the UNIX Subsystem itself are delivered
through Windows Update and Automatic Updates, security fixes for the
downloaded utilities are not. You need to remember to periodically use
this menu selection to check for security updates to the utilities.
|
When the utilities and SDK have been installed,
you can start a UNIX shell (Command Prompt window) by clicking Start,
All Programs, Subsystem for UNIX-Based Applications, and either C Shell,
Korn Shell, or SVR-5 Korn Shell, depending on your preference. The
What’s New menu item provides information on how SUA differs from the
Windows XP Services for UNIX and provides an overview of SUA features.
For detailed help information, click Start, All
Programs, Subsystem for UNIX-Based Applications, Help for Subsystem for
UNIX-Based Applications. The UNIX man, apropos, and other standard help programs are available within the UNIX shells.
