TotalNET Advanced Server 5.2 Reference Manual

tnservice

This command lists, adds, modifies, and deletes TAS service configuration options. The TAS environment includes file, printer, terminal, and NVT services. TAS provides services for each supported realm over each realm's transport protocols, unless restricted by the transport attribute of the service:

Services share resources with clients. Each consists of a proper service name, a colon, and a service type string (file, term, or nvt) and uses the following format:

servicename:servicetype

A system may have any number of services defined in each of its supported realms and service types. Each service consists of numerous attributes, volume references, printer references, attach points, and client contexts.

Location

TNHOME/usr/sbin

Usage

tnservice [-L [-r realm]]
tnservice [-R [-r realm [-s service [{-a attribute}]]]]
tnservice [(-A|-M) -r realm -s service {-a attribute=value}]
tnservice [-D -r realm -s service]

Options

Attributes

Attributes for all services:

Attributes for file services:

aliases

This attribute designates a list of service names that alias the given service in the LM-NT-OS/2 realm. Clients access the service through the aliases and the base name. Aliases must adhere to all the rules for legal service names in the realm and have the same service type as the base service. Each service name and alias can occur only once in the network. An alias name must not conflict with any service name or any other alias of any service. This facility can define a single LM-NT-OS/2 file service available under an ordinary name and as the default CIFS service--the one accessed when the client specifies an IP address instead of a DNS name. Do this by specifying the alias *smbserver:file for the service.

Usage:

tnservice -M -r realm -s service -a aliases=value

command

This attribute designates the UNIX command line to execute when a client makes a connection to the defined service. The UNIX shell does not interpret the command, so you cannot use shell services like quoting, wildcards, and redirection. You may include any valid parameters for the UNIX command.

Usage:

tnservice -M -r realm -s service -a command=UNIX-command

description

This attribute designates a textual description of the service. No default exists. You may need to enclose text in quotes.

Usage:

tnservice -M -r realm -s service -a description=string

home

This attribute designates the full, absolute path to the home directory of the service. Use this option only when you need to have the service's working directory differ from the realm's home directory.

Usage:

tnservice -M -r realm -s service -a home=path

persistent

This attribute designates the service control. If you mark a service as "persistent", the service starts when you enable it and runs autonomously thereafter. Non-persistent services start with each incoming connection. The NetWare realm can have persistent file or NVT services.

Usage:

tnservice -M -r realm -s service -a persistent={on|off}

plex

This attribute controls whether the network claims an LM-NT-OS/2 service name as a "unique" or "group" NetBIOS name. It defaults to unique, so the service name that this file defines occurs only once on the network. Specifying group indicates that other NetBIOS services of the same name may exist on the network.

Usage:

tnservice -M -r realm -s service -a plex={unique|group}

template-only

This attribute creates a template. If you mark an object as a template by setting this attribute to on, the system treats the object as a real object, but it has no effect on the system's runtime behavior. During installation, TAS creates templates with conventional names that reflect the objects. Templates define default values for the creation of new objects. When you set this attribute to off, the object becomes real.

Usage:

tnservice -M -r realm -s service -a template-only={on|off}

transport

This attribute designates the possible protocol stacks for the service. No default exists. LM-NT-OS/2 realm services use the tcpip and tnnbu transports. NetWare realm services use the tnipx transport. AppleTalk realm services use the tnatk transport.

Usage:

tnservice -M -r realm -s service -a transport={tcpip|tnnbu|tnipx|tnatk}

umask

This attribute sets the file-creation mode mask for the service. Umask, a three-digit octal-number, represents the UNIX file-creation mode mask to use. It defines the access restrictions, called "permissions", to set for files and directories. The permissions define which users can read, write, and execute/access files or directories. The first digit of the octal-number indicates permissions for the owner of the file or directory. The second digit indicates permissions for users with the same group ID as the file's owner. The third digit sets permissions for the rest of the network's users.

You can define permissions by taking the values for the permissions you want to deny and adding them to 0. The value 7 denies all access rights, and the value 0 grants all access rights. The "read" permission has a value of 4, "write" has a value of 2, and "execute" has a value of 1--for directories, this equates to the "search" permission. The umask defaults to 077, indicating full permissions for the user and no permissions for anyone else.

The following table lists permission configurations:

Umask Number    File Permission    Directory Permission
0               rw-                rwx
1               rw-                rw-
2               r--                r-x
3               r--                r--
4               -w-                -wx
5               -w-                -w-
6               ---                --x
7               ---                ---

For example, you might use the following directory permission for the umask:

Umask Number    File Permission    Directory Permission
033             -rwxr--r--         drwxr--r--

In this case, the owner can read, write, and execute files in that directory; the group can only read files in the directory; and everyone else can only read files in the directory.

DOS and Macintosh operating systems do not distinguish between reading and executing a file, so these systems ignore the "execute" permission. For directories, it still means "search" permission. If other DOS or Macintosh users need to run programs owned by the user, they need to have "read" permission. The Macintosh operating system determines the protection setting for new file folders.

You can set the umask for specific volumes by using the umask option of the volume command for that volume. For more information on the UNIX file-creation mode mask, refer to the UNIX man pages for umask and chmod.

Usage:

tnservice -M -r realm -s service -a umask=octal-number

user

This attribute designates the UNIX user identity that the server process assumes when it executes the UNIX command line given in the command attribute for the service. This attribute defaults to root. In addition to inheriting the specified user identity, the server process also inherits the appropriate group list for the specified user name.

Usage:

tnservice -M -r realm -s service -a user=username

activity

This attribute controls activity logging. It specifies whether the file service maintains an activity log. It defaults to off--no log. If set to on, this attribute causes the file service to record connection activity statistics in the activity log file that resides in the TotalNET home directory. This attribute applies only to file services.

Usage:

tnservice -M -r realm -s service -a activity={on|off}

attdefault

This attribute designates the default attach point for redirected drives in LM-NT-OS/2 file services. When a client redirects a drive to the defined file service without specifying a volume or an attach point, this attribute defines the default attach point. If you do not specify a default attach point, this attribute defaults to the first volume referenced in the file service configuration sections for the service to which the client connects. You can override this attribute by assigning a default attach point to a user's configuration file.

Usage:

tnservice -M -r realm -s service
 	-a attdefault={volumename|attachname}

authent-proxy

This attribute designates a list of proxy servers that can authenticate users for TAS in the LM-NT-OS/2 and NetWare realms. If you configure this attribute, all login requests go to the proxy for processing. A user receives resource access if the proxy server returns valid authentication, as long as the user name has validity on the host server as well. By default, the user's server authenticates logins.

The proxy does not need to reside on the same host or serve as a TAS service; however, the proxy should belong to the realm of the TAS host. For example, you should specify an SMB server to authenticate passwords for the LM-NT-OS/2 realm, a Novell NetWare server to authenticate passwords for the NetWare realm, and so on.

For this attribute, the service variable represents the name of the proxy service on another TAS host authenticating passwords. The service must have the same native protocol as the service for which it provides password authentication. If the service does not reside on a TAS host, then service represents the machine name for the service. For example, if the service resides on a TAS host server called server1, you would set up this service as an authentication proxy using the following command:

tnservice -A -r realm -s service -a authent-proxy=server1:file

You should always designate file as the service type for authent-proxy. This attribute does not work if you set the value of share-mode to on. The client-encryption attribute does not work when you set authent-proxy, because TAS forwards session setups to the proxy server and disregards them locally.

Usage:

tnservice -M -r realm -s service -a authent-proxy=servicename:service-type

browse-election-bias

This attribute determines how hard the service should attempt to win the browse-master election in the LM-NT-OS/2 realm. It must have a value from 0 to 255. A value of 255 causes the service to try as hard as possible to win the election. A value of 0 prevents the service from participating in browse elections. Default values for potential browse-masters reflect the operating system of the host, as follows:

Usage:

tnservice -M -r realm -s service -a browse-election-bias=0-255

browse-election-version

This attribute tunes browser elections in the LM-NT-OS/2 realm, along with the browse-election-bias attribute. It must have a value from 0 to 65536. TAS uses this parameter in browse master elections to decide between two hosts with the same operating system. A value of 65535 causes the service to try as hard as possible to win the election. A value of 0 prevents the service from participating in browse elections. This attribute has no effect if you set the browse-master attribute to off.

Usage:

tnservice -M -r realm -s service -a browse-election-version=0-65535

browse-master

This attribute determines whether this service should participate in elections and attempt to become a browse master in the LM-NT-OS/2 realm. If you set this attribute to off, the service does not attempt to become browse master for its network segment. If you set this attribute to on, the service attempts to become browse master for its segment. If you set this attribute to domain, the service becomes the domain browse master; this means that it becomes browse master for its network segment by means of rigged elections. You may only configure one service in a domain as the domain browse master. This includes file services from all vendors, not just TotalNET file services. This attribute defaults to off.

Usage:

tnservice -M -r realm -s service -a browse-master={on|off|domain}

browse-user

This attribute designates the UNIX user identity for LM-NT-OS/2 realm clients who log in solely for browsing. This attribute defaults to the TotalNET administrator, the admin-user attribute of the system object, which prevents clients from logging in. This attribute has no effect if you set the browse-master attribute to off.

Usage:

tnservice -M [-r realm][-s service] -a browse-user=username

cachesize

This attribute specifies the number of entries that the directory cache should maintain for the defined LM-NT-OS/2 file service. It defaults to 5.

Usage:

tnservice -M -r NB -s service -a cachesize=size

chpass

This attribute specifies whether clients can change their passwords through the AppleTalk file service. It defaults to off.

Usage:

tnservice -M -r AT -s service -a chpass={on|off}

client-charset

This attribute designates the name of the character set used by clients of the service. If you do not specify this, the file service process chooses a default based on the realm and the negotiated properties of the client.

Usage:

tnservice -M -r realm -s service -a client-charset=name

client-encryption

This attribute specifies whether the defined file service accepts encrypted client passwords. It defaults to off. If you leave this attribute off, TAS expects clear-text passwords. If you set this attribute to on, TAS uses password files on its host. Passwords sent by clients receive encryption according to the method appropriate to that realm. You can add passwords to the TotalNET password database using tnpasswd. TAS ignores this attribute if you define authent-proxy.

Usage:

tnservice -M -r realm -s service -a client-encryption={on|off}

clienttime

This attribute specifies whether TAS honors the client time stamp values as file modification times in the LM-NT-OS/2 and AppleTalk realms. This attribute defaults to off, so TAS uses the server's system time to set file modification time stamps for all files. When you set this attribute to on, TAS uses the client's system time. The client time setting in a user's configuration file can override this attribute.

Usage:

tnservice -M -r {NB|AT} -s service -a clienttime={on|off}

commandpath

This attribute has the same effect for remote command execution that the PATH environment variable has for ordinary UNIX shell commands. The path follows the form unixdir[:unixdir]..., where unixdir represents any valid directory on the server. UNIX does not check the current directory when searching for the program to execute. Enter a period (.) as a unixdir value to have the current directory checked. When you give more than one directory, separate them with colons (:). Do not use spaces. The path can contain no more than 256 characters. This attribute defaults to /usr/bin:/bin. A commandpath attribute in a user's configuration file can override this attribute.

Usage:

tnservice -M -r realm -s service -a commandpath=path

db-update-interval

This attribute specifies the frequency of client database and resource statistics updates. It defaults to 120. If you set this attribute to 0 or a negative number, TAS never updates the database.

Usage:

tnservice -M -r realm -s service -a db-update-interval=seconds

dce-authentication

If you define this attribute, the specified file service uses DCE security rather than the native UNIX password security, such as NIS. If you define a different authentication method--for example, if you set the client-encryption or share-mode attribute to on, or if you define authent-proxy--it takes precedence over DCE security. This attribute only works when you install the TAS-DCE package. This attribute does not control the acquisition of DCE credentials. DCE-enabled host systems always acquire appropriate DCE credentials, if possible.

Usage:

tnservice -M -r realm -s service -a dce-authentication={on|off}

dfreport

This attribute specifies the method for calculating free disk space. If you set it to all, the default, TAS reports all free disk space on all partitions to clients. Systems that do not support the UNIX statfs() system call or its equivalent do not support this option. If you set this attribute to root, TAS reports only the free disk space on the partition in which the virtual root of the client's connection resides. A freespace report attribute in a user's configuration file can override this attribute.

Usage:

tnservice -M -r realm -s service -a dfreport={all|root}

guest

This attribute provides a UNIX user name for guest logins to AppleTalk realm file services.

Usage:

tnservice -M -r realm -s service -a guest=username

keepalive

This attribute enables LM-NT-OS/2 and NetWare file service connection processes to detect and close incorrectly-terminated client sessions, such as when a user turns off a client PC with a session open. You do not need to use this attribute unless the transport protocol does not provide its own keepalive function. The number variable represents the time interval, in minutes, between checks for dead connections. This attribute defaults to 0, which means the server does not use keepalives.

Usage:

tnservice -M -r {NB|NW} -s service -a keepalive=number

lm-announce

This attribute supports browsing operations by old-fashioned LM-NT-OS/2 clients that do not attempt to contact a browse master. If such clients do not exist on the network, this attribute defaults to off.

Usage:

tnservice -M -r NB -s service -a lm-announce={on|off}

login-control

This attribute defines whether a list of users can access a file service. You may enter allow or deny, followed by a list of UNIX user names separated by commas. If you define allow, TAS grants only the defined users access to the file service. If you define deny, TAS denies only the defined users access to the file service. If you define neither of these attributes, TAS grants access to all UNIX users. In the LM-NT-OS/2 realm, this attribute also has no effect if you set the share-mode attribute to on.

If defined, this attribute takes precedence over the no-login attribute. If you define both the login-control and no-login attributes for a service, which you should not do, TAS ignores the no-login attribute. You should use this attribute for login control of file services, since future releases will not support the no-login attribute.

Usage:

tnservice -M -r realm -s service -a login-control={allow|deny} username...

machine

This attribute specifies the machine type for AppleTalk "GetServerInfo" responses. The field value string describes the server's hardware or operating system. This attribute reports a null string by default.

Usage:

tnservice -M -r realm -s service -a machine=string

max-conns

This attribute specifies the maximum number of simultaneous connections that the defined NetWare service should allow. It defaults to the licensed user limit.

Usage:

tnservice -M -r NW -s service -a max-conns=number

netiosize

This attribute restricts packet size negotiations with NetWare realm clients. By default, no restrictions occur. When you define a value for netiosize, that value becomes the maximum size of packets sent to the client.

Usage:

tnservice -M -r NW -s service -a netiosize=number

nice

This attribute determines the UNIX process priority for the defined service. Define a decimal integer from -20 to +19 to pass to the UNIX nice() system call. A positive number decreases the priority; a negative number increases it. This attribute defaults to -5, which gives the process a higher priority than the UNIX default. For example, a value of 5 causes the value to increase from the default value (-5) by a factor of 10. For more information on process priorities, see the UNIX man page for nice.

Usage:

tnservice -M -r realm -s service -a nice=number

no-login

If you define this attribute, TAS does not allow the listed UNIX users to connect. By default, this attribute has no definition. This attribute does not apply to LM-NT-OS/2 services with a share-mode=on setting.

Usage:

tnservice -M -r realm -s service -a no-login=username...

null-group

This attribute identifies a UNIX group that can replace a deleted group trustee--a user or group with special permissions regarding an entrusted file or directory--of a NetWare realm file service. By default, this attribute has no definition. If you do not identify a group trustee when you use this attribute, the file owner's UNIX group becomes the trustee.

Usage:

tnservice -M -r NW -s service -a null-group=groupid

null-passwd-login

This attribute determines whether users with "null" UNIX passwords can connect to the host through TAS using the defined file service. This attribute defaults to off, which denies users without passwords access to the server. You can use this attribute to provide access through a null password guest account. This attribute only applies to services with client-encryption set to off, and it does not work for share mode file services in the LM-NT-OS/2 realm. The file service checks this attribute before sending the password to an authentication proxy server, if you define authent-proxy.

Usage:

tnservice -M -r realm -s service -a null-passwd-login={on|off}

openfiles

This attribute specifies the maximum number of files that the TAS file service may have open simultaneously.

Usage:

tnservice -M -r realm -s service -a openfiles=number

packet-burst

This attribute specifies whether the NetWare realm file service allows packet burst mode. If you set this attribute to off, the NW file service does not allow packet burst mode. It defaults to on.

Usage:

tnservice -M -r realm -s service -a packet-burst={on|off}

passwdage

This attribute specifies whether TAS supports password aging. It only applies to systems that implement UNIX System V password aging. If you set this attribute to on, the system does not allow users with aged password entries. This attribute defaults to off, which causes TAS to ignore password aging.

Usage:

tnservice -M -r realm -s service -a passwdage={on|off}

prdefault

This attribute specifies the printer to receive print jobs by redirecting a printer port and without specifying a printer name. Define the printername variable as you would for a normal UNIX platform, specifying one of this file service's referenced printers. When a client connects to the server for print service with the command net use lpt1 \\servicename [username password], TAS routes the print jobs to printername at servername. A default printer attribute in a user's configuration file can override this attribute.

Usage:

tnservice -M -r realm -s service -a prdefault=printername

prelip-rpktsize

This attribute designates the packet size restrictions for old NetWare clients located behind a router. It defaults to 576, which means no packet size restrictions occur.

Usage:

tnservice -M -r NW -s service -a prelip-rpktsize=size

preserve-whitespace

When you activate this attribute, UNIX displays spaces and tabs in the service name. You can set this attribute to off when using a UNIX application that has difficulty with file names containing white spaces. It defaults to on.

Usage:

tnservice -M -r realm -s service -a preserve-whitespace={on|off}

restrictdcm

This attribute controls the handling of DOS compatibility mode file sharing. It defaults to off.

Usage:

tnservice -M -r realm -s service -a restrictdcm={on|off}

savepass

This attribute specifies the option for AppleTalk clients to save passwords locally for later use. It defaults to off.

Usage:

tnservice -M -r realm -s service -a savepass={on|off}

searchcount

This attribute controls the allocation of directory-search contexts in the LM-NT-OS/2 and NetWare realms. This attribute defaults to 100 in the LM-NT-OS/2 realm, which means no directory-search context control occurs. You should not change this attribute from its default value.

Usage:

tnservice -M -r realm -s service -a searchcount=value

share-mode

This attribute specifies the security mode of the defined LM-NT-OS/2 realm file service. This attribute defaults to off, which means TAS implements user-level security for the service. If you set this attribute to on, TAS uses share-level security mode for the defined LM-NT-OS/2 file service.

Usage:

tnservice -M -r realm -s service -a share-mode={on|off}

share-user

This attribute specifies the UNIX user name for share-level security mode access to the defined volume. This attribute applies only if the service exists and only if you set the share-mode attribute for the service to on.

Usage:

tnservice -M -r realm -s service -a share-user=username

smb-protocol-level

This attribute designates the name of an SMB sub-protocol for negotiation with clients in the LM-NT-OS/2 realm. Currently, you can use the following values: core, lanman1.0, lanman2.0, and lanman2.1. Future releases will support more values. The value of this attribute represents the highest protocol level that the server uses in negotiating protocols with a client. The client can choose any protocol level up to the one specified by this attribute. This attribute takes precedence over the coreonly attribute, which TAS no longer supports. You may achieve the same effect as coreonly on with smb-protocol-level core.

Usage:

tnservice -M -r NB -s service
 	-a smb-protocol-level={core|lanman 1.0|
 	lanman 2.0|lanman 2.1}

spooldir

This attribute specifies the directory path at which spooling occurs for LM-NT-OS/2 service print jobs. Give the full path name of a valid UNIX directory with permission mode 777 (see "umask"). This attribute defaults to /tmp. On some UNIX systems, you should not use /tmp, because a set sticky bit may prevent the system from deleting spooled files after printing.

Usage:

tnservice -M -r NB -s service -a spooldir=path

trace

This attribute controls operations tracing in programs.

Usage:

tnservice -M -r realm -s service -a trace=string

user-map

This attribute specifies the name of a file service user map for TAS to use when converting externally-supplied user names into internal ones. If you set authent-proxy to on, TAS authenticates the external name and then converts it to its corresponding internal name; otherwise, TAS authenticates the internal name as usual. If you set client-encryption to on, TAS treats the internal name as a TAS user. Otherwise, TAS treats the internal name as a UNIX user.

If you do not define this attribute, TAS does not use a user map. This means that TAS assumes clients supply internal names--UNIX user names or TAS user names--for user names.

Usage:

tnservice -M -r realm -s service -a user-map=name

windows95-logon

If you set this attribute to on, TAS becomes the Windows 95 logon master for its LM-NT-OS/2 realm domain. A domain can contain only one active logon master.

Usage:

tnservice -M -r NB -s service -a windows95-logon={on|off}

Examples

  1. Use one of the following commands to list all available services for the entire system:


    tnservice
    tnservice -L

    Sample Output:

    NB
        myhost:file
        myhost:tty:term
    NW
        nwmyhost:file
        nwmyhost:term
        nwmyhost:nvt

  2. Use the following command to list the values of all attributes for all services in all realms:


    tnservice -R

    Sample Output:

    NB
        myhost:file
            command=/opt/TAS/tn/NB/LMfile
            description=test server
            plex=unique
            persistent=off
            template-only=off
            state=enabled
        myhost:tty:term
            template-only=on
            transport=tcpip,tnnbu
            command=/opt/TAS/tn/NB/NBtty
            state=disabled
    NW
        nwmyhost:file
            template-only=off
            command=/opt/TAS/tn/NW/NWfile
            persistent=on
            activity=off
            clienttime=off
            dfreport=all
            null-group=4095
            null-passwd-login=off
            state=enabled
        nwmyhost:term
            template-only=on
            command=/opt/TAS/tn/NW/NWtty
            state=disabled
        nwmyhost:nvt
            template-only=on
            command=/opt/TAS/tn/NW/NWnvtd
            persistent=on
            state=disabled

  3. Use the following command to list the value of the command attribute for the file service myhost in the LM-NT-OS/2 realm:


    tnservice -R -r NB -s myhost:file -a command

    Sample Output:


    command=/opt/TAS/tn/NB/LMfile

  4. Use the following command to modify the activity attribute for the file service nwmyhost in the NetWare realm:


    tnservice -M -r NW -s nwmyhost:file -a activity=on

  5. Use the command below to delete the terminal service nwmyhost from the NetWare realm. Deleting every service in a realm does not delete the realm itself.


    tnservice -D -r NW -s nwmyhost:term
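
The following added example is not part of the manual or of TAS. It parses a tnservice -R listing and reports settings that the attribute descriptions above mark as weak, applying the documented defaults (user=root, umask=077, client-encryption=off) to attributes the listing omits. The line-based output layout, the sample values, and all function names are assumptions.

```python
"""Audit `tnservice -R` output against the defaults and caveats in this manual."""

# Defaults as stated in the attribute descriptions on this page.
DEFAULTS = {"user": "root", "umask": "077", "client-encryption": "off",
            "null-passwd-login": "off", "share-mode": "off"}

# Constructed listing modelled on the `tnservice -R` sample output;
# the attribute values are invented for this example.
SAMPLE = """\
NB
    myhost:file
        command=/opt/TAS/tn/NB/LMfile
        umask=002
        share-mode=on
        login-control=allow alice,bob
    myhost:tty:term
        template-only=on
NW
    nwmyhost:file
        command=/opt/TAS/tn/NW/NWfile
        user=tasfile
        client-encryption=on
"""


def parse_listing(text):
    """Return {(realm, service): {attribute: value}}.
    Assumption: lines can be told apart by content, not indentation:
    'name=value' is an attribute, 'name:type' a service, the rest a realm.
    """
    services, realm, current = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if "=" in line:
            if current is None:
                raise ValueError(f"attribute outside a service: {line!r}")
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
        elif ":" in line:
            current = services.setdefault((realm, line), {})
        else:
            realm, current = line, None
    return services


def audit_service(realm, name, attrs):
    """Return finding strings for one service; unset attributes use DEFAULTS."""
    eff, out = {**DEFAULTS, **attrs}, []
    if eff["user"] == "root":
        out.append("user=root: the service command runs with root identity")
    try:
        mask = int(eff["umask"], 8)
    except ValueError:
        out.append(f"umask={eff['umask']}: not an octal number")
    else:
        who = [w for w, bit in (("group", 0o020), ("other", 0o002)) if not mask & bit]
        if who:
            out.append(f"umask={eff['umask']}: new files writable by {'/'.join(who)}")
    if name.endswith(":file"):
        share = realm == "NB" and eff["share-mode"] == "on"
        if eff["client-encryption"] == "off":
            # client-encryption is ignored when authent-proxy is defined.
            if "authent-proxy" not in eff:
                out.append("client-encryption=off: clear-text passwords expected")
            if eff["null-passwd-login"] == "on" and not share:
                out.append("null-passwd-login=on: accounts without a password can connect")
        if share and ("login-control" in eff or "no-login" in eff):
            out.append("share-mode=on: login-control/no-login have no effect")
    return out


def audit(text):
    """Audit every non-template service; return {(realm, service): [findings]}."""
    # Templates have no effect on runtime behaviour, so they are skipped.
    live = {k: a for k, a in parse_listing(text).items() if a.get("template-only") != "on"}
    report = {k: audit_service(k[0], k[1], a) for k, a in live.items()}
    return {k: f for k, f in report.items() if f}


if __name__ == "__main__":
    for key, findings in audit(SAMPLE).items():
        print(*key, findings)
```

To audit a live host, pass the captured output of tnservice -R to audit() in place of SAMPLE.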