Appendix B Setting Up PCNFSD

This chapter provides background information and instructions for installing the authentication server daemon on a UNIX server.

You can read background and procedural information throughout this appendix, or use these references to go directly to a specific topic.

• "UNIX Server Requirements"

• "PCNFSD Daemon Overview"

• "Services Provided by rpc.pcnfsd"

• "Deciding Where to Install rpc.pcnfsd"

• "Determining if rpc.pcnfsd Is Already Installed"

• "Installing rpc.pcnfsd"

• "Upgrading the PCNFSD Daemon"

• "Configuring the PCNFSD Daemon"

• "Non-SunOS Platforms Installation"

UNIX Server Requirements

You can install the pcnfsd server software on one of the following:

• Sun-3^TM, Sun-4^TM, or SPARCstation^TM servers running SunOS^TM operating system version 5.4 or compatible versions

• Sun-3, Sun-4, or SPARCstation servers running SunOS operating system version 4.0 or compatible versions for rpc.pcnfs daemon installation only

• Intel-based PCs running the SunOS 5.4 operating system or compatible versions

• Other NFS servers such as a Digital Equipment Corporation system running the Ultrix operating system. (Contact your local Solstice NFS Client distributor or service provider for more information.)

PCNFSD Daemon Overview

The PCNFSD daemon, rpc.pcnfsd, provides user authentication services that allow the Solstice Network Client to access files on any NFS server in the network. The daemon also provides access to PCNFSD-based printing. Using these services requires you to install rpc.pcnfsd on at least one server in your network.

The PCNFSD daemon runs continuously on a UNIX server to service requests for user authentication and for printing to network printers. The rpc.pcnfsd daemon is based on Sun's remote procedure call (RPC) services. Programs running on the PC make remote procedure calls to the rpc.pcnfsd program running on a UNIX server.

Although not part of the PCNFSD services, Solstice Network Client provides support for user views and client management using the PCNFSD server.

Services Provided by rpc.pcnfsd

The rpc.pcnfsd daemon provides the following services:

• Authentication - PC users can identify themselves to the network and be granted appropriate privileges for file access and program execution.

• Access to printer spooling services - PC users can send printing requests to printers attached to servers on the network.

Authentication and System Security

A Solstice Network Client user can log in to the Solstice network in much the same way as the user can log in to a UNIX system. The Login program takes the user name and password, encrypts them, and calls the authentication procedure in rpc.pcnfsd on the authentication server. If this procedure succeeds, it returns a user ID and a group ID to be used when constructing the credentials for the user. These credentials are used for subsequent NFS file access. If the user name and password are not found, then authentication fails and the user is denied access.

The authentication server may also return secondary group membership, umask, and home directory information (such as server name and home directory path name).

Solstice NFS Client users who do not log in to the network have no access to the Solstice network.

Shared Printer Support

The rpc.pcnfsd daemon provides users with the following printing services:

• Connecting to a network printer and starting a print job

• Browsing for network printers

• Viewing network print queues

• Canceling or removing print jobs in network print queues

In order to support NFS print services, you must export the spool directory on the pcnfsd server. The spool directory has the default name of /var/spool on a SunOS 5.4 operating system or compatible versions and /usr/spool on a SunOS 4.0 operating system or compatible versions.

By exporting /var or /var/spool or /usr/spool, printing should work correctly. You cannot simply export the root directory ("/").

Support for User Views and Site Policies

For Windows 95 and Windows NT users, a system administrator can create a directory on the PCNFSD server that contains user profiles and system policy files. Storing user profiles on the PCNFSD server allows users to have an identity separate from the machine on which they are working. Users can carry their preferences with them whenever they log in to any PC in the network.

The system administrator can use centrally located policy files to manage clients by customizing the desktops, configuring network settings, and restricting access to applications and options.

Support for user views and site policies requires the administrator to create a directory on the PCNFSD server called /opt/MSPolicy. For more information about managing Windows 95 and NT clients see Chapter 6, Managing Work Environments.

Determining if rpc.pcnfsd Is Already Installed

If rpc.pcnfsd is already installed, you do not need to reinstall it. However, the SUNWpcnfd package includes a multi-threaded version of rpc.pcnfsd that allows greater numbers of simultaneous logins than earlier versions (in Solstice Network Client 3.1 Plus and earlier).

To see if rpc.pcnfsd is installed on a server, use one of the following methods:

• Use the ps command to list all processes by name, and check if rpc.pcnfsd is among them.

• Use the ls command to see if rpc.pcnfsd is present in any of the following directories: /opt/SUNWpcnfs/sbin (SunOS 5.4 operating systems and compatible versions only), /etc, /usr/etc, /usr/lib, /bin, or /usr/bin.

To See if rpc.pcnfsd Is Installed

On the server with a SunOS 4.0 operating system or compatible version, enter ls /usr/etc/rpc.pcnfsd.

See if the output shows that the rpc.pcnfsd daemon is already installed. You may also list other directories such as /etc/usr/bin, /bin, and /usr/lib, in case it is not in the expected directory.

On a server with a SunOS 5.4 operating system or compatible version, enter ls /opt/SUNWpcnfs/sbin/rpc.pcnfsd. See if the output shows that the rpc.pcnfsd daemon is already installed.

To See if rpc.pcnfsd Is Running

On a server with a SunOS 4.0 operating system or compatible version, enter ps -ax | grep rpc.pcnfsd.

See if the output shows that the daemon is already running.

On a server with a SunOS 5.4 operating system or compatible version, enter ps -ef | grep rpc.pcnfsd.

See if the output shows that the daemon is already running.

Deciding Where to Install rpc.pcnfsd

You can install and run rpc.pcnfsd on a single server, on several servers, or on all servers on the network.

If you run rpc.pcnfsd on a single server, this machine will be used for all PCNFSD authentication and printing. In this case, make sure this server is always available and is accessible to all client computers. When the PC user configures Solstice Network Client software, the user can identify this server by name, and the software will always try to use this server for authentication.

This method has disadvantages, however, particularly in a large network. For example, if there is only one PCNFSD server and it fails, users will not be able to log in or print from their computer to a network printer. Also, a client may not be able to access the PCNFSD server if a router in the network fails.

It is better to run rpc.pcnfsd on several servers on the network. Users can enter the server's name or IP address when they set up Solstice Network Client software, or they can broadcast for a PCNFSD server on the local subnetwork by entering an asterisk (*) rather than a server name or IP address.

---

Note -

You do not need to reinstall the SUNWpcnfd package if your server is already running the PCNFSD daemon.

---

Installing rpc.pcnfsd

The Solstice Network Client CD-ROM contains software to install the rpc.pcnfsd version 2 daemon on a Sun server running the SunOS 4.0 operating system or compatible versions or the SunOS 5.4 operating system or compatible versions. For non-SunOS platforms, the CD-ROM contains the source files that allow you to build and install binaries on other UNIX servers.

To Install rpc.pcnfsd on a Server Running the SunOS 5.4 Operating System or compatible Verstions

1. Move to the product installation page, to the section marked Server Components, and click SPARC or x86 to download the correct version of the server software to your machine.

   The compressed tar file is copied to your system (pkgs.sparc.tar.Z or pkgs.i386.tar.Z, depending on your operating system).

2. Uncompress the file. For example, on a SPARC system, type

   uncompress pkgs.sparc.tar.Z 

3. Extract the files. For example, for a SPARC system, type

   tar xvf pkgs.sparc.tar

   This creates four packages: SUNWipop, SUNWlit, SUNWlicsw, and SUNWpcnfsd. You can then run the pkgadd utility in this directory to install the software on your system.

4. Become superuser.

5. Enter the following command:

   pkgadd -d `pwd`

   ---

   Note -

   If you change to the directory where you installed the packages, you can type: pkgadd -d.

   ---

   When you press Return, the pkgadd program displays information for the SPARC architecture and similar information for Intel, as in the following example.

   The following packages are available: 1 SUNWipop Solstice Internet Mail POP3 server (sparc) 1.0 2 SUNWlicsw FlexLM License System (sparc) 5.12a 3 SUNWlit STE License Installation Tool (sparc) 4.0 4 SUNWpcnfd PC-NFSpro Daemons (sparc) 1.2 Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]:

6. Enter the number 4 to select the PCNFSD daemon package.

   During the installation, you are prompted for permission to execute with superuser privileges. Answer yes to each request.

   When the package has been installed, the original pkgadd screen is displayed.

   The pkgadd program stops related server daemons already running, starts the server components, and copies a script to the init.d directory to start these components each time you reboot the machine.

7. Set the man page path or add the man pages to your man page directory.

   Find out where the man pages are located.

   Enter env and look at MANPATH. For example:

   # env | grep MANPATH
   MANPATH=/usr/share/man:/usr/man

8. Copy the man page for pcnfsd.1m into section 1M. For example:

   # cp /opt/SUNWpcnfs/man/pcnfsd.1m /usr/share/man/man1m
   

9. If necessary, create a pcnfsd configuration file, /etc/pcnfsd.conf.

   This file is used to contain configuration information for PCNFSD printing. (See "Configuring the PCNFSD Daemon".) Refer to the man page pcnfsd(1m) for information about this file.

10. Once rpc.pcnfsd starts, you must export the print spool directory created by rpc.pcnfsd.

    For example:

    # share -F nfs /var/spool
    # echo share -F nfs /var/spool >> /etc/dfs/dfstab
    

11. If you are supporting user and group polices for your Solstice clients, create a directory for policy files called /opt/MSPolicy.

To Install rpc.pcnfd on a Server Running the SunOS 4.0 Operating System or Compatible Versions

1. Move to the product installation page, to the section marked Server Components, and click SPARC or x86 to download the correct version of the server software to your machine.

   The compressed tar file is copied to your system (pkgs.sparc.tar.Z or pkgs.i386.tar.Z, depending on your operating system).

2. Uncompress the file. For example, on a SPARC system, type

   uncompress pkgs.sparc.tar.Z 

3. Extract the files. For example, for a SPARC system, type

   tar xvf pkgs.sparc.tar

   This creates four packages: SUNWipop, SUNWlit, SUNWlicsw, and SUNWpcnfsd. You can then run the pkgadd utility in this directory to install then software on your system.

4. Become superuser.

5. Make a working directory in the /var directory.

   For example, enter mkdir /var/tmp/sunw

6. Enter the shell command to install the rpc.pcnfsd daemon.

   Enter ./addpcnfsd.sh to install rpc.pcnfsd.

   As you enter these commands, you are asked whether you want to start the daemon each time the machine is rebooted, and where you want to install the executable files. (The default directory is /usr/etc.)

7. If necessary, create a rpc.pcnfsd configuration file /etc/pcnfsd.conf.

   (See "Configuring the PCNFSD Daemon".) Refer to the man page pcnfsd(8) for information about this file.

8. Enter the /usr/etc/exportfs /usr/spool/pcnfs command to export the print-spool directory.

   The directory /usr/spool/pcnfs is created by rpc.pcnfsd and must be exported. You should also add an entry to the /etc/exports file, so the directory is exported whenever the server reboots. For example:

   # /usr/etc/exportfs /usr/spool  	
   # echo /usr/spool >> /etc/exports
   

Upgrading the PCNFSD Daemon

There are two versions of the PCNFSD protocol:

• Version 1 of PCNFSD - This version was developed prior to PC-NFS version 4.0. The rpc.pcnfsd version 1 daemon provides user authentication and basic printing services. This version can run only with the SunOS 4.0 operating system or compatible versions.

• Version 2 of PCNFSD - The latest version of the PCNFSD protocol, version 2 was developed for the 4.0 release of the PC-NFS^TM product. It provides expanded user authentication and enhanced printing services. The current release of the rpc.pcnfsd daemon supports both version 1 and version 2 of the PCNFSD protocol. Version 2 runs on both SunOS 4.0 and 5.4 operating systems and compatible versions.

The current release of the rpc.pcnfsd daemon supports both version 1 and version 2 of the PCNFSD protocol. Source code and binary programs of this daemon are included on the CD-ROM for installation on a SunOS 4.0 or 5.4 operating system or compatible version. Daemons are in compressed UNIX tar files for installation on SunOS 4.0 operating systems and compatible versions.

Since version 2 of the daemon can support existing PC-NFS software users (with one compatibility issue, see Note following), you should replace existing version 1 rpc.pcnfsd server daemons with version 2. If you do not, users may find that certain features of Solstice Network Client will not work. To upgrade rpc.pcnfsd on SunOS 4.0 servers or compatible versions, follow the procedure "To Upgrade rpc.pcnfsd on a Server Running the SunOS 4.0 Operating System or Compatible Version".

---

Note -

The rpc.pcnfsd version 2 daemon recognizes only those printer names listed by the UNIX lpstat -t command. Run this command on the print server to determine the printer names that the rpc.pcnfsd daemon will recognize. This is different from the rpc.pcnfsd version 1, which allows you to use any names associated with a particular printer.

---

To Determine if Version 2 Is Running

On a system running the SunOS 4.0 or 5.4 operating system or compatible version, enter:

rpcinfo -u servername 150001 2

If version 2 of rpc.pcnfsd is running, you will see the following message:

	proc 150001 vers 2 ready and waiting

If the server is running the old version of rpc.pcnfsd or if rpc.pcnfsd is not running, you will see the following message:

proc 150001 version 2 is not available

To Determine if Version 1 Is Running

On a system running the SunOS 4.0 operating system or compatible version, enter:

rpcinfo -u servername 150001 1

If the server is running the old version of pcnfsd, you will see the following message:

proc 150001 vers 1 ready and waiting

In this case, upgrade to version 2.

If neither version is running, try starting the daemon by entering /usr/etc/rpc.pcnfsd and then check the version.

If that fails, you need to install rpc.pcnfsd.

Source code and binary versions of rpc.pcnfsd are distributed on your Solstice Network Client CD-ROM in compressed UNIX tar files. Before installing the daemon, check your server to see if rpc.pcnfsd is already present. If not, install it using the appropriate installation procedure.

With pcnfsd version 1, you were able to install rpc.pcnfsd so that it was started by the inetd superdaemon. The new rpc.pcnfsd daemon must execute a possibly lengthy configuration sequence each time its starts. To avoid delays--and possible time-outs--you should arrange for the daemon to be invoked from /etc/rc.local (SunOS 4.0 operating system or compatible versions) or by means of a script in the init.d directory (SunOS 5.4 operating system or compatible versions). Do not use inetd.

To Upgrade rpc.pcnfsd on a Server Running the SunOS 4.0 Operating System or Compatible Version

1. If the rpc.pcnfsd daemon is running, stop (kill) it.

   1. Become root.

   2. Determine the rpc.pcnfsd process ID number.

      For example:

      # ps -ax | grep rpc.pcnfsd
      

   3. Enter kill -9 processid number.

2. Rename the rpc.pcnfsd version 1 daemon.

   For example, you might rename /usr/etc/rpc.pcnfsd to /usr/etc/rpc.pcnfsd.v1.

3. Install rpc.pcnfsd version 2 according to the instructions in "To Install rpc.pcnfd on a Server Running the SunOS 4.0 Operating System or Compatible Versions".

4. When you are satisfied that the new rpc.pcnfsd version is working correctly, delete the old version.

Configuring the PCNFSD Daemon

To configure PCNFSD, you must edit the pcnfsd configuration file /etc/pcnfsd.conf. Modify this file if you want to perform any of these tasks:

• Rename the print spool directory

• Define "virtual" printers

• Disable the wtmp compile-time option

• Specify a UID range for authentication and printer security

For details about configuring /etc/pcnfsd.conf, refer to the pcnfsd.1m or pcnfsd.8c man page included on the Solstice distribution media.

For instructions on how to set up and configure print services, see Chapter 5, Printing.

Non-SunOS Platforms Installation

SunSoft supplies C source code for rpc.pcnfsd that you can run on most UNIX servers, including SunOS 4.0 systems and compatible systems. If your server is not one of these, you may need to adapt the source code to your system, and then compile and install the modified version.

Adapting rpc.pcnfsd to environments other than SunOS requires some understanding of what the program does and how it interacts with other software on the server. You may want to contact your system vendor to see if that company has a version of rpc.pcnfsd available for its system. See the section on porting rpc.pcnfsd in the Solstice Network Client Installation and Licensing Guide.