The keys to efficient interoperability
Suppose you're the network administrator at a large UNIX shop, and your MIS department standardizes all your network's client workstations on Windows NT Workstation 4.0. Naturally, your new NT users want to access their UNIX-based files from their NT machines. What are your choices for a low-cost, workable solution to this problem? Unfortunately, the options are fairly limited. UNIX and NT originated from distinct roots, and because their backgrounds are different, each operating system's (OS's) mechanism for storing and sharing files is unique.
There is good news, however. With the growing popularity of NT in large enterprise environments, several methods can help you facilitate file sharing between NT and UNIX. You can set up noninteractive access by means of Microsoft programs such as the File Transfer Protocol (FTP) client or HyperTerminal, or interactive access by using tools that employ either the Common Internet File System (CIFS) standard or the NFS communications protocol. In this article, we'll describe how these access methods work, and what their strengths and weaknesses are. Then, we'll discuss the security problems that arise when you share files across platforms, and what you can do to address those problems. Along the way, we'll describe connectivity tools that can help make cross-system file sharing as painless and transparent as possible.
File-Sharing Solutions
Microsoft's TCP/IP suite is limited in file-transfer options. One option is to use NT's FTP client to transfer files between UNIX and NT hosts. Or, you can use the Telnet program to transfer files. Unfortunately, these solutions are slow and don't work in environments where multiple-user access to a file is necessary. In addition, Telnet can transfer only ASCII files--not binary files. TCP/IP solutions are suited primarily to environments where you need to transfer personal files to and from a storage facility on a UNIX host. The points in the TCP/IP methods' favor are that all UNIX OSs include FTP and Telnet servers, and NT includes FTP and Telnet clients.
Another native Microsoft solution is to use HyperTerminal (packaged with NT 4.0 and Windows 95) to transfer files to and from a UNIX system. HyperTerminal supports four file-transfer protocols: XMODEM, YMODEM, ZMODEM, and Kermit. When you use HyperTerminal, you must have a program on your UNIX system that supports one of the HyperTerminal transfer protocols.
If you use a third-party vendor's TCP/IP suite on your NT machines, you might have additional options for performing NT-UNIX file transfers. On most UNIX systems, users have access to the remote copy (rcp) command, which copies files from one OS to another. Another group of programs, collectively referred to as the UNIX-to-UNIX Copy (UUCP) program, lets you transfer files interactively or in a batch mode. Vendors are now making these once UNIX-specific programs available on NT for easier cross-system communication.
The CIFS and NFS options are interactive--either protocol installed on one platform can access files on the other platform as if the files were local. However, to use CIFS or NFS, you must install additional software on either your UNIX or NT hosts. CIFS, originally known as Server Message Block (SMB), is the default network file-sharing mechanism that NT machines use. You equip your UNIX hosts with CIFS software to let UNIX users participate in your NT file-sharing network environment. Alternatively, you can install NFS-enabling software on your NT machines to let your NT users participate in UNIX file sharing. Using NFS requires you to install an additional software package on all your NT machines, a potential administrative headache. Fortunately, a growing number of NFS products offer gateway connectivity between desktop computers and NFS resources, eliminating the need to install software on every NT machine. Let's look more closely at the CIFS and NFS options.
CIFS on UNIX. Implementing a CIFS solution on the UNIX side is often the cleanest cross-system file-sharing solution, because it doesn't require you to install special drivers on your NT host. In addition, growing numbers of UNIX vendors include some form of CIFS software with their products. Even if your UNIX vendor does not include a CIFS solution with its products, you can still choose from several good freeware and third-party products.
At the inexpensive end of the equation is the freeware product Samba. Available in source-code form over the Internet, Samba is perhaps the best CIFS-enabling software product available. You can configure Samba to act as a Primary Domain Controller (PDC) for your NT domain. When a UNIX user connects to the domain, Samba automatically executes an NT logon script. Alternatively, Samba lets you share UNIX directories and printers as shares, as any NT host would. (For more information about Samba, see Mark Joseph Edwards, "Samba," March 1997.)
If freeware doesn't excite you, you can opt for a commercial product. Perhaps the predominant CIFS-enabling UNIX product on the market today is SCO VisionFS. SCO VisionFS offers full CIFS capabilities, including file and printer sharing. Unfortunately, SCO VisionFS doesn't offer any of the advanced domain capabilities Samba offers; however, SCO VisionFS lets you verify user security against an NT domain controller. A version of SCO VisionFS exists for virtually every major UNIX system, including AIX, HP-UX, and SunOS. The downside to SCO VisionFS is its cost: You need to purchase a client access license for each user who will use the product to share files.
Operating either Samba or SCO VisionFS on your UNIX host requires NetBIOS enabled over TCP/IP. Because most UNIX OSs don't have a NetBIOS over TCP/IP driver, SCO VisionFS ships with a self-contained NetBIOS driver that provides this capability. (Samba includes a NetBIOS daemon, nmbd, that enables NetBIOS over TCP/IP.) Setting up and administering both SCO VisionFS and Samba is easy, although both products require a thorough knowledge of the UNIX OS you install them on.
The most difficult part of administering SCO VisionFS or Samba might be creating user accounts on NT and UNIX systems that have access to files on both systems. For example, on an NT domain Mike's logon might be mdeignan, whereas on a UNIX machine it might be mpd. If Mike tries to access resources on the UNIX machine from an NT domain, no mdeignan logon exists to let him do so. CIFS software needs to know how to translate NT logon names to UNIX account names. In most instances, cross-system file-sharing software packages have a manual translation table, but you need to configure the software to tell it how to perform the translation. In general, using the same username on both platforms is easiest--even if you experience some short-term pain in converting all your usernames to a new standard.
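An added example, not part of the original article and not Samba's own code: a simplified Python model of the translation table described above, using the file format of Samba's username map option (unix_account = client_name ..., with a leading ! to stop processing after a match). The account names other than mdeignan and mpd are constructed, and parse_map, resolve and audit are hypothetical helpers; audit flags the two entries an administrator should review, a line that a later wildcard silently overrides and an NT logon that lands on root.

```python
import shlex

# Constructed sample in Samba's "username map" format:
#   unix_account = client_name [client_name ...]
# A leading '!' stops processing once that line has matched.
SAMPLE_MAP = '''\
# NT logon -> UNIX account (mdeignan/mpd are the article's names; the rest are made up)
!mpd = mdeignan
ops = "Jane Ops" jops
!root = administrator
guest = *
'''

def parse_map(text):
    """Return [(stop, unix_name, [client_names])] for each mapping line."""
    rules = []
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not a mapping
        left, right = line.split("=", 1)
        left = left.strip()
        rules.append((left.startswith("!"), left.lstrip("!").strip(), shlex.split(right)))
    return rules

def resolve(rules, logon):
    """Translate a client logon name; unmatched names pass through unchanged."""
    name = logon
    for stop, unix_name, clients in rules:
        # Names compare case-insensitively; '*' matches any logon.
        if any(c == "*" or c.lower() == name.lower() for c in clients):
            name = unix_name
            if stop:
                break
    return name

def audit(rules):
    """Flag mappings an administrator should review before deploying the table."""
    findings = []
    for i, (stop, unix_name, clients) in enumerate(rules):
        if not stop and any("*" in c for _, _, c in rules[i + 1:]):
            findings.append(f"{unix_name}: no '!', so a later '*' line overrides it")
        if unix_name == "root":
            findings.append(f"{', '.join(clients)} -> root")
    return findings

if __name__ == "__main__":
    rules = parse_map(SAMPLE_MAP)
    for logon in ("mdeignan", "jops", "administrator", "stranger"):
        print(f"{logon} -> {resolve(rules, logon)}")
    print(*audit(rules), sep="\n")
```

In the sample, jops ends up as guest rather than ops because its line lacks the ! marker, which is the kind of mismatch that standardizing on one username per person avoids.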