Configuration of AIX Fast Connect and SMBFS

Divya Vikas, Uma Chandolu, and Puneet Mahajan
Published on December 18, 2007

The Common Internet File System (CIFS), also known as Server Message Block (SMB), is a standard remote file system access protocol over the Internet, enabling groups of users to work together and share documents and printers across the Internet or within corporate intranets. CIFS allows multiple clients to access and update the same file, while preventing conflicts with sophisticated file sharing and locking semantics. It also permits aggressive caching and read-ahead and write-behind without loss of cache coherency, thereby increasing the performance, which is the backbone of today's sophisticated enterprise computer networks. CIFS complements HTTP and provides more sophisticated file sharing and file transfer than older protocols, such as FTP.

File sharing between PC operating systems, such as Windows®, is commonly implemented using the CIFS protocol, and file sharing between AIX® systems has been implemented using the Network File System (NFS) protocol. Since these two protocols being non-interoperable, products like AIX Fast Connect and AIX SMBFS allow PC clients to access and share files on the AIX server and vice versa.

Overview of AIX Fast Connect

AIX Fast Connect is server software that allows AIX servers to share files and printers with personal computer clients running the following Windows operating systems:

Windows XP
Windows 2000
Windows 2003
Windows NT
Windows 98Windows

AIX Fast Connect provides the following:

A rich set of security features
High performance (SendFile API support and memory-mapped files )
File safety specifications (so that multiple machines can access the same file without locking problems and opportunistic locking)
Maintenance and administration using the System Management Interface Tool (SMIT)
Secure authentication techniques (AIX-based user authentication, NT pass-through authentication, Lightweight Directory Access Protocol (LDAP) support for user authentication, Kerberos-based authentication, and CIFS password encryption protocols)

Figure 1. AIX Fast Connect

Basic Functional Blocks for AIX FastConnect

Note: AIX Fast Connect supports AIX 5.1 and above.

Installation requirements

Install the following filesets to configure AIX Fast Connect:

Figure 2. Configuring AIX Fast Connect

Installation requirements

Only the root user can perform the configuration of Fast Connect for the AIX server; however, any user can access the configuration menu.

Starting the Fast Connect server

There are two ways in which you can start the Fast Connect server:

Using SMIT

Enter smitty smb.
Figure 3. Using SMIT
Select the Start Server.
In the next screen, the command completes and displays the following message:

1

Server servername has started successfully on servername

Using the command line

Enter net start /load.

To verify, run the following:

#ps -eaf | grep cifs
root 503820      1   0   Aug 23      -  0:00 /usr/sbin/cifsUserProc
root 565300      1   0   Aug 23      -  0:12 /usr/sbin/cifsServer
root 823380 757910   0 12:55:44  pts/2  0:00 grep cifs

These two processes, associated with Fast Connect, are responsible for the SMB request and response:

cifsServer is the main server daemon; it is a main server process owned by root.
cifsUserProc is a client session daemon; there is one cifsUserProc for each session. For every new request to the AIX Fast Connect server from the Windows client, a new cifsUserProc thread is created.

Defining shares

There are two ways in which you can add a new file system share:

Using SMIT

Enter the following command: #smitty smb.
Select Server Shares > File Systems (Shared Volumes) > Add File Systems (Shared Volumes).
Figure 4. Adding file systems

Using the command line

Enter the following command:

1

2

#net share /add /type:f /netname:TEST

/path:/home/divya /desc:"File share test"

Configuration of encrypted passwords and defining a user

When the AIX Fast Connect server is configured for encrypted passwords, AIX Fast Connect attempts to authenticate all incoming SMB usernames and encrypted_password logins against the AIX Fast Connect /etc/cifs/cifsPasswd file. This file, initialized and maintained by the net user command, is a database of AIX Fast Connect users (and their encrypted passwords).

All AIX Fast Connect users defined by the net user command should be AIX users.

The passwords of the Fast Connect users are distinct from (and might differ from) the standard AIX passwords in the /etc/security/passwd file. When an AIX user changes their password (using /usr/bin/passwd), the AIX Fast Connect password for that user does not automatically change.

To enforce encrypted passwords for AIX Fast Connect, type:

1

#net config /encrypt_passwords:2
To configure a new user for encrypted passwords, type:

1

#net user username password /add

Or

1

#net user username -p /add

The -p flag prompts for a no-echo password.
To change a user's encrypted password and also update that user's AIX password, type:

1

#net user username password /changeaixpwd:yes

Or

1

#net user username -p /changaixpwd:yes

Once the above configurations are done, stop and start the server.

To stop the server and unload the server daemon, type:

1

#net stop /unload
To load the server daemon and enable PC clients to connect, type:

1

#net start /load

Now the Fast Connect server is ready to allow PC clients to connect and access the exported file shares.

Mapping drives from the PC clients

Typically, PC clients must define drive mappings to use the CIFS exported file shares. These drive mappings can be done from Windows or from the DOS command prompt.

You can use the following mechanisms to define or undefine mappings between PC drives and CIFS file shares. For the following examples, assume that the NetBIOS server name is indus19.in.ibm.com and that file shares test, test1, is defined.

For DOS, enter the following:

DOS> net help (help info for DOS)
DOS>net use F: \\indus19.in.ibm.com\test /user:tstuser tstpass
DOS>net use H: \\indus19.in.ibm.com\test1 (When username and password is not 
specified in the command line, then a pop window appear asking for the username
and the password)
 DOS> copy F:\oldfile H:\newfile (uses the mapped drives) 
 DOS> net use F: /delete (delete the mapped network drive)

For Windows, do the following:

In the Map Network Drive dialog box, select Windows Explorer > Tools > Map Network Drive, or right-click Network Neighborhood and select Map Network Drive.
Select the drive from the Drive: drop-down list, and then Enter the path. For example, see Figure 5 below.
Figure 5. Mapping drives
To access the exported CIFS filesystems from Windows(Y:\), see Figure 6 below:
Figure 6. Accessing the exported CIFS filesystems from Windows

Here are some other useful commands:

To query the server's operational status, type:

1

#net status
To show general configuration information, type:

1

#net config
To show statistical information (for example, packets delivered), type:

1

#net statistics

You can reset the statistics counts by typing net statistics /reset on the command line.
To query the status of logged-in user sessions, type:

1

#net session
To list all shares currently exported by the CIFS server, type:

1

#net share
To list all users configured in the /etc/cifs/cifsPasswd file, type:

1

#net user
To delete a user from the encrypted passwords database, type:

1

#net user username /delete

Overview of SMBFS

AIX SMBFS is the client software that allows AIX servers to mount shares and exports from the SMB server like Windows XP, Windows 2003, Windows 2000, Windows NT, or Windows 98 operating systems into the AIX Virtual File System (VFS). This eliminates the need to install the NFS servers on the PC clients and to enhance the file sharing between SMB servers and AIX through the VFS interface.

Components that make SMBFS

The device driver for a pseudo device—This driver allows SMBFS to communicate with the SMB server in case it needs to initiate a reconnection or finish receiving a multi-packet response without the need to stop all threads that are performing file operations.
The file system interface—This interface supports VFS and vnode operations.
The SMB interface—This interface generates and retrieves SMB information.

Basic configuration

AIX SMBFS requires the installation of the following filesets:

Package	Description
bos.cifs_fs.rte	Run time for SMBFS
bos.cifs_fs.smit	SMIT Interface for SMBFS

On the server side, share the folder that has to be exported to AIX. Right-click on Select Sharing and Security > Share this Folder > Permissions tab > Check all the permissions - Full control, Change, and Read > Apply and OK.
Figure 7. Sharing a folder
tstcifs is the shared folder, and the share name is tstcifs.
Figure 8. The shared folder
On the client side, execute the following to mount the shares of the windows:
- Enter the following to ensure that the nsmb0 device is in the available state. The device is a pseudo device that helps SMBFS to communicate with the SMB server (Windows):
  
  #lsdev -l nsmb0
- If the device is not present, run /etc/mkcifs_fs, which creates the nsmb0 device and brings it to the available state.
- Run the following to create a mount point and give the full permission to the mount point.
  
  #mkdir /mnt #chmod 777 /mnt
- Run the mount command:
  
  #mount -v cifs -n (servername)/username/password /(sharename) /(mountpoint)
Figure 9. The shared folder

The main functionality of the mount command is:
1. To create a SMBIOD thread (It is the parent thread of SMBFS; It is a kernel thread that creates the session and manages the connection. It also helps in sending and receiving the requests and responses between the server and the client. Every mount performed on AIX has a corresponding smbiod thread.)
2. To establish the network (NETBIOS) connection between the server and the client
3. To create a TREE CONNECT (directory structure of Windows is put in the mount point of AIX box)