Last updated: 30 May 2000
Fusion95 can be used in a Wide Area Network, Internet or Intranet environment. The WAN can be private and/or public and consist of any type of link from low-speed dial-up to high-speed leased lines.
The main difference between accessing Fusion95 on a WAN compared to a LAN is the address resolution scheme. In order to access a server via TCP/IP the client needs to be able to resolve the server name into a TCP/IP address.
On a LAN, a broadcast is sent to the NetBIOS name server to resolve a server name to an IP address. This is transparent; it doesn't need to be configured. On a WAN, the broadcast packets are not routed and therefore another method must be used.
Methods to resolve addresses on a WAN depend upon the client software, the following are available in Windows95:
Note that this section has nothing "specifically" to do with Fusion95; exactly the same rules would apply even if you were connecting to a Windows server.
The following LMHOSTS file could be used in a client PC to resolve the addresses for a number of remote servers:
192.0.0.1 RS6000 #PRE 192.0.0.10 POWERPC #PRE 192.0.1.11 M88K #PRE 192.0.1.12 APRIL #PRE
Note that on some clients (e.g. NT) you can specifically enable/disable LMHOSTS look-ups using the TCP/IP properties settings.
Putting the LMHOSTS file onto a server rather than onto every client, greatly reduces maintenance time. The following LMHOSTS file could be used in a client PC to point to an LMHOSTS on a remote server to be used to resolve addresses:
192.0.0.1 RS6000 #PRE #INCLUDE \\RS6000\DISK\LMHOSTS
Using the above LMHOSTS file would introduce a single-point-of-failure into your WAN. If the server RS6000 was not operational then it would not be possible for the client PC's to access the WAN; even if the server they wanted to access was operational. In order to provide redundancy, alternate servers can be specified. In the following example, if server RS6000 was not available then the alternate server APRIL would be used to resolve the addresses.
192.0.0.1 RS6000 #PRE 192.0.1.12 APRIL #PRE #BEGIN_ALTERNATE #INCLUDE \\RS6000\DISK\LMHOSTS #INCLUDE \\APRIL\DISK\LMHOSTS #END_ALTERNATE
A WINS can be used to resolve addresses. Care must be taken to have multiple WINS so as to not introduce a single-point-of-failure into your WAN. WINS will only run in a Windows NT server. WINS is only available to Windows95 and Windows NT clients as standard; an upgraded redirector (VREDIR.386) for WfW is available on the Windows NT server CD-ROM.
A DNS can be used to resolve addresses. Care must be taken to have multiple DNS so as to not introduce a single-point-of-failure into your WAN. DNS will run in a wide range of machines including Windows, UNIX and AIX.
It is not necessary to just use one of the methods above; they can be used in combination. For example if all methods are implemented, a Windows NT workstation will resolve names in the following order:
The Windows nbtstat command can be used to test name resolution. It can be run twice, first with the -A option and then with the -a option. Both commands should give the same result. If the first command works, but the second doesn't, then name resolution in the Windows PC has not been correctly configured. The following command will obtain the adapter status from the node with the IP address specified...
NBTSTAT -A 192.0.0.1
Using the -a option together with the server's node name will cause Windows to resolve the name to an IP address and then obtain the adapter status from that node...
NBTSTAT -a RS6000
Note: the options are case sensitive.
In Windows98 and later versions of Windows95 and NT it is possible to specify the IP address instead of the node name when you map a drive. This bypasses the whole name resolution mechanism. Thus...
NET USE U: \\192.0.0.1\ACCOUNTS
can be used instead of...
NET USE U: \\RS6000\ACCOUNTS
The Fusion95 printer client will first use broadcasts to obtain the IP address of the printer server. If Fusion95 and the printer server do not reside on the same broadcast network (e.g. separated by a WAN), then Fusion95 will not be able to find the printer server using this method. The Fusion95 printer client will then search the DNS and/or the /etc/hosts file to attempt to find a matching name, even checking for all upper or all lower case.
In order to print to a remote printer from the Fusion95 printer client you should add the printer server's name and IP address to the /etc/host file on you Fusion95 UNIX machine or configure the DNS used by UNIX to provide the IP address of the remote printer server.
The "Printer on local LAN" configuration option for the printer client is normally set to yes. It should be set to no if the printer is on a node outside of the current broadcast network (i.e. accessed via a router but not if accessed via a bridge). In this case Fusion95 will not attempt to broadcast to locate the printer but instead go directly to the DNS and/or the /etc/hosts file. This will remove an overhead of 10 seconds.
If your WAN uses a firewall or router that restricts certain TCP and UDP sockets then you have to make sure that you open the ports required by Microsoft Networking so that a PC client can access the Server.
For Microsoft Networking you should open ports 137, 138 and 139 for both TCP and UDP. These are often defined as follows:
netbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp # NETBIOS Name Service netbios-dgm 138/tcp # NETBIOS Datagram Service netbios-dgm 138/udp # NETBIOS Datagram Service netbios-ssn 139/tcp # NETBIOS Session Service netbios-ssn 139/udp # NETBIOS Session Service
Note that this section has nothing "specifically" to do with Fusion95; exactly the same rules would apply even if you were connecting to a Windows server.
Fusion95 version 4 supports Windows password encryption over the LAN.
The following Microsoft clients have a default configuration that requires the server to support encrypted passwords over the LAN.
Fusion95 version 3 does not support Windows password encryption (it only supports UNIX password encryption) and thus requires plain text passwords to be enabled in these Windows platforms. The next three sections describe how to enable plain text passwords in each of these clients.
Fusion95 version 4 does support Windows password encryption, and thus it is not normally necessary to enable plain text passwords in the above clients. However it may still be desirable to enable plain text passwords if Unix-Level security and UNIX password encryption (by setting secmode=1 in the pcserve.ini file) is to be used instead of Windows password encryption. A better solution is to change to User-Level security (by setting secmode=3 in the pcserve.ini file) and use Fusion95's User Database rather than the /etc/passwd file in which case Windows password encryption is supported.
Note: this is not normally required for Fusion95 version 4. It is however required for Fusion95 version 3.
Connecting to SMB/CIFS servers (such as Fusion95 and LAN Manager for UNIX) with a plain text password fails after upgrading to Windows NT 4.0 Service Pack 3.
This is because the SMB redirector in Service Pack 3 handles passwords differently than previous versions of Windows NT. Beginning with Service Pack 3, the SMB redirector will not send a plain text password unless you add a registry entry to enable unencrypted passwords.
This applies to both NT Server and NT Workstation.
This will cause an error such as:
SYSTEM ERROR 1240: The account is not authorized to logon from this station
To enable plain text passwords, modify the registry in the following way:
WARNING: Make sure you know how to run the registry editor correctly. Using it incorrectly can cause serious problems.
For more information see the Microsoft Knowledge Base article: Q166730.
For more information about Window NT, Service Pack 3 and The Registry see the relevant Microsoft documentation.
Note: this is not normally required for Fusion95 version 4. It is however required for Fusion95 version 3.
Connecting to SMB/CIFS servers (such as Fusion95 and LAN Manager for UNIX) with a plain text password fails after upgrading Windows95 with Microsoft's VRDRUPD.EXE update.
This is because the new SMB redirector handles passwords differently. With this update, the SMB redirector will not send a plain text password unless you add a registry entry to enable unencrypted passwords.
To enable plain text passwords, modify the registry in the following way:
WARNING: Make sure you know how to run the registry editor correctly. Using it incorrectly can cause serious problems.
Note: this is not normally required for Fusion95 version 4. It is however required for Fusion95 version 3.
Connecting to SMB/CIFS servers (such as Fusion95 and LAN Manager for UNIX) with a plain text password fails from Windows98.
This is because the SMB redirector, by default, requires passwords to be encrypted. With this version of Windows, the SMB redirector will not send a plain text password unless you add a registry entry to enable unencrypted passwords.
To enable plain text passwords, modify the registry in the following way:
WARNING: Make sure you know how to run the registry editor correctly. Using it incorrectly can cause serious problems.
Note: this is not normally required for Fusion95 version 4.
Connecting to SMB/CIFS servers (such as Fusion95 and LAN Manager for UNIX) with a plain text password fails from Windows 2000.
This is because the SMB redirector, by default, requires passwords to be encrypted. With this version of Windows, the SMB redirector will not send a plain text password unless you add a registry entry to enable unencrypted passwords.
To enable plain text passwords, modify the registry in the following way:
WARNING: Make sure you know how to run the registry editor correctly. Using it incorrectly can cause serious problems.
When Fusion95 is installed it will automatically configure 8 printer clients called lprt00 through lprt07. The following procedure can be used to configure additional printer clients lprt08 and upwards.
The start-up script (/usr/fusion95/f95start) must be modified to start the correct number of printer daemons. Change one line of the script as follows:
SMBP=0
while [ $SMBP != 8 ]
do
The while loop is processed once for each printer. Change the number to the new number of printer clients to be supported:
SMBP=0
while [ $SMBP != 9 ]
do
This will now loop and create 9 printer clients.
An 'lp' model must be created for each printer. This should be created in the /usr/fusion95 catalog by copying the script for lprt00.
# cd /usr/fusion95
# cp lprt00 lprt08
An 'lp' entry must be created for each printer. This is platform dependant.
# mkque -qlprt08 -a"up = TRUE"
# mkquedev -qlprt08 -dlprt08 -a"file = FALSE" -a"backend =/bin/sh /usr/fusion95/lprt08"
# /usr/lib/lpadmin -plprt08 -mfusion95 -D"Fusion95 SMB printer client 08" -onobanner -v/dev/null -h
# enable lprt08
# accept lprt08
Note that while not required, the lpadmin -A option might be useful (e.g. -A mail). This controls Alerts when printing problems occur. See the Unixware lpadmin(1M) manual page for more details.
# mknod /dev/lprt08 p
# /usr/sbin/lpadmin -plprt08 -mstandard -D"Fusion95 SMB printer client 08" -onobanner -o"stty='clocal -onlcr'" -v/dev/lprt08
# /usr/bin/enable lprt08
# /usr/lib/accept lprt08
# rm /dev/lprt08
# /usr/sbin/lpadmin -plprt08 -mfusion95 -D"Fusion95 SMB printer client 08" -onobanner -v/dev/null -h
# enable lprt08
# accept lprt08
# mkdir /usr/spool/lpd/lprt08
# echo "lprt08|LPRT08| :\
:af=/usr/adm/lpacct:\
:lf=/usr/adm/lperr:\
:lp=/dev/null:\
:mx#0:\
:if=/usr/fusion95/lprt08:\
:pl#66:\
:pw#80:\
:sd=/usr/spool/lpd/lprt08:\
:xf=/usr/lbin/xf:" >> /etc/printcap
# /usr/sbin/lpadmin -plprt08 -mstandard -D"Fusion95 SMB printer client 08" -onobanner -v/dev/lprt08 -h
# enable lprt08
# accept lprt08
# /usr/lib/lpshut
# touch /dev/lprt08
# /usr/lib/lpadmin -plprt08 -mdumb -v/dev/lprt08 -h
# /usr/bin/enable lprt08
# /usr/lib/accept lprt08
# rm /dev/lprt08
# /usr/lib/lpsched -v
# /usr/lib/lpshut
# /usr/lib/lpadmin -plprt08 -mfusion95 -v/dev/null -h
# /usr/bin/enable lprt08
# /usr/lib/accept lprt08
# /usr/lib/lpsched -v
Fusion95 uses one Semaphore Undo Structure per user. For large systems running on SCO OpenServer 5 it may necessary to tune the SEMMNU kernel parameter and increase its value. It is suggested that this value be set to ten (10) more than the number of Fusion95 users.
SCO documented the maximum value of SEMMNU as 100. Which of course would never be enough for any large system. But they also have the "secret documentation" which says the maximum is 32000. This you can find at:
http://www.sco.com/cgi-bin/ssl_reference?104877Most modern UNIX systems allocate these Semaphore Undo Structures dynamically from available kernel memory, and thus no kernel tuning is required. Even SCO have started allocating them dynamically in UnixWare 7 and removed SEMMNU.
The following are hints for customers and resellers reporting problems in F95ADMIN.
Please report which version of F95ADMIN you are running. To do this:
Make sure that the F95ADMIN you are running is the latest version. You can see what the latest version of F95ADMIN is, by going to http://www.april.se/ftp_e.html#Fusion95. You can also download from here if you are running an older version.
If upgrading to the latest version doesn't fix the problem, create a log file to help us trace the problem. Do the following:
Edit the file called f95admin.ini in the C:\Windows catalog. It should look something like...
[config] usedisk=Z: search=2 servername=HIMALAYA domainname=
Add the line...
log=1
So the file looks like...
[config] usedisk=Z: search=2 servername=HIMALAYA domainname= log=1
Now restart, F95ADMIN and run so as to reproduce your problem. This will create a f95admin.log file in the C:\Program Files\Fusion95 catalog.
Please send us the following information to help us resolve your problem...
The directory names C:\Windows and C:\Program Files\Fusion95 might vary on different Windows systems depending on which language version you are running and whether the installation defaults were chosen. In the above, we used the values for a default installation on an English Windows.
The following are hints for customers and resellers with problems in the printer client - smbprtup.
If you are running through a router, read the "Wide Area Networks" chapter in this document, the section entitled "Printing from Fusion95 to a remote printer" is specifically of interest.
Problems can often be speedily resolved with the help of a trace file. It is however occassionally the case that creating a trace file does not reproduce the problem, but even then the trace is of use in allowing support personnel to see the client and server configuration.
To obtain a trace from smbprtup, run the following.
# cd /usr/fusion95 # ls -l | ./smbprtup -nt -ccfg/lprt00.cfg 2>&1 | tee trace.txt
Email the output (trace.txt) to support together with a full description of the problem.
Problems which cause smbprtup to fail when it attempts to connect to the server with the shared printer resource are often caused by the name conflicts or wide-area networking problems.
To verify the configuration, run the smbprtup with the -v option.
# cd /usr/fusion95 # ./smbprtup -v -ccfg/lprt00.cfg
An error will be reported if the configuration fails to veify, otherwise the command prompt will be displayed.
Problems which cause smbprtup to fail when it attempts to map the shared printer resource are often caused by the security settings on the server to which the printer is attached. Common causes are that the password and username (if required) configured for the smbprtup printer client using smbprt.sh or fusion menu do not match those on the printer server:
Problems which cause smbprtup to fail when it attempts to open the spool file are often caused by the spooling options settings on the server to which the printer is attached.
This is often caused by a Windows spool server not correctly supporting RAW printing when configured for EMF spooling. To check this, look at the printer spooling configuration, in the Windows machine. To do this, go to:
In Windows98 and Windows95:
In Windows NT:
In Windows 2000:
Check the configuration.
In the above examples lprt00 is used. You will need to change the number to that of the printer client causing the problem.
The following are hints for customers and resellers with problems in the file & printer server - pcserve.
If you are running through a router, read the "Wide Area Networks" chapter in this document. The Password Encryption chapter may also be of interest if you are having problems with authentication.
Problems can often be speedily resolved with the help of a trace file. It is however occassionally the case that creating a trace file does not reproduce the problem, but even then the trace is of use in allowing support personnel to see the client and server configuration.
To obtain a trace from pcserve, do the following.
|
Back to April's Home Page | Webmaster: keith@april.se |