Sun Microsystems
Products & Services
 
Support & Training
 
 

Previous Previous     Contents     Index     Next Next
Appendix A

Microsoft Services For UNIX

Overview

Microsoft Windows Services for UNIX (SFU) makes it possible to integrate some Windows operating systems into existing UNIX environments. It provides components that simplify network administration and user management across the UNIX and Windows platform.

SFU provides Interix a complete, high-performance UNIX environment that provides UNIX shells like csh or ksh, several hundred tools and utilities, and a complete set of development tools and libraries which make it possible to port and use your UNIX-based applications to the Interix subsystem.

Windows Services for UNIX provides:

  • In combination with Sun N1 Grid Engine the ability to integrate Windows hosts into N1GE clusters. This means that the execution and client environment of N1GE can be used on Microsoft Windows hosts.

  • Services and commands to access the network file system (NFS). This makes it possible to share files between the UNIX and Windows environment

  • A user mapping service which might access account and password services on UNIX and Windows systems (PCNFS, NIS)

  • "single sign-on" capability for the Windows and UNIX environment. Passwords can be synchronized and authentication credentials can be mapped between the UNIX and Windows operating systems.

  • The ability to execute UNIX shell scripts and applications to run on Windows-based computers in full-featured UNIX environments.

The following information describes the necessary steps to accomplish the installation of SFU. This document describes:

  • The unsupported N1GE functionality.

  • The SFU system requirements.

  • Information to consider before SFU installation.

  • The location of documentation which troubleshoots some common post installation and operation problems which might occur with SFU.

Unsupported N1GE Functionality

The following parts/applications which are part of a standard N1GE installation on UNIX operating systems are not supported in a Microsoft Windows environment and therefore cannot be used on Windows Hosts:

  • Master and Scheduler (sge_qmaster, sge_shadowd, sge_schedd)

  • Graphical User Interface (qmon)

  • DRMAA

  • CSP

  • qsh client command

System Requirements

The following requirements apply to the installation of Microsoft Services For UNIX.

  • The system must have Internet Explorer version 5.0 or later installed prior to running SFU setup.

  • The minimum hard disk requirements for installing SFU depends on which components you are installing. The maximum disk space requirement to install SFU components is 360 MB. The minimum disk space required is 20 MB. SFU must be installed on a partition that is formatted with the NTFS file system.

  • You cannot install SFU on a system running Microsoft Services for Network File System (for example, Microsoft Services for NFS is a component of Windows Storage Server 2003).

  • You must install the latest Windows service pack before installing SFU and N1GE then continue to install additional Windows service packs as they become available.

You can find more details concerning SFU requirements at http://www.microsoft.com/windows/sfu/default.asp

Services for UNIX Installation

Microsoft's SFU is required to install N1GE successfully. You can download SFU at:http://www.microsoft.com/windows/sfu/default.asp

  1. Get the SFU distribution media.

    If you downloaded SFU, just execute the application to unzip the files into a directory. This directory must be located on a file system that has at least 480 MBytes free space.

  2. Login to the Windows system with the Administrator account.

  3. Start the setup.exe application which was unpacked previously.

    setup screen
  4. Enter your name and organization.

    enter name and org screen
  5. Accept the license agreement for SFU.

    license argreement screen
  6. Now you have to choose between the standard installation and custom installation. The standard installation is recommended.

    install choice screen

    If disk space is limited, you might also choose the custom installation path but make sure that at least following components will be installed:

    Utilities -> Base Utilities    

    Interix Gnu components -> Interix GNU utilities    

    Remote connectivity components -> Telnet Server and Windows Remote Shell    

    If you intend to use NFS shared file systems then you also need: Authentication tools for NFS -> User Mapping and Server for NFS Authentication.    

  7. Depending on the underlying Windows operating system you might be asked two questions concerning the SFU security settings. The following screen shows the recommended selections:

    SFU security settings screen

    The following information is a basic description concerning these two options. If you need further information please consult Microsoft's SFU documentation.

    Enable suid behavior for Interix programs -- According to the POSIX standard, a file has permissions that include bits to set both a UID (setuid) and a GID (setgid) when the file is executed. If either or both bits are set on a file, and a process executes that file, the process gains the UID or GID of the file. When used carefully, this mechanism allows a non-privileged user to execute programs that run with the higher privileges of the filers owner or group. When used incorrectly, however, this behavior can present security risks by allowing nonprivileged users to perform actions that should only be performed by an administrator. For this reason, Windows Services for UNIX Setup does not enable support for this mechanism by default.

    You should enable support for setuid behavior because N1GE will be running programs that require this support. Even if you do not enable support for setuid behavior when installing Windows Services for UNIX, you can enable it later.

    Changing Default Behavior to Case Sensitivity -- You might be required to choose whether to change the default behavior of object names, such as file names, to being case sensitive. The choice you make will affect system security as well as how Windows Services for UNIX functions. With Microsoft Windows, the names of most objects (such as files and directories) are case preserving, but case insensitive. So, you cannot have two files in the same directory named sample.txt and Sample.txt because Windows regards the names as identical for the purposes of identifying files. However, the UNIX operating system is fully case sensitive. So, UNIX systems distinguish between object names when the only difference between those names is the case of the objectname characters. Therefore, sample.txt and Sample.txt could appear in the same directory and the UNIX system would distinguish between them when performing operations on the files. For example, the command rm S*.txt would delete Sample.txt but not sample.txt. In order to implement typical UNIX behavior, the Server for NFS and the Interix subsystem are normally case sensitive when working with file names.

    This behavior can present security issues, particularly for users who are accustomed to the caseinsensitive conventions of Windows. For example, a Trojan horse version of edit.exe named EDIT.EXE could be stored in the same directory as the original. If a user were to type edit at a Windows command prompt, the Trojan horse version (EDIT.EXE) could be executed instead of the standard version. If case sensitivity is enabled, Windows users should be made aware of this possibility.

    With Windows XP(Professional) and the Windows Server 2003 family, the default behavior of subsystems other than the Win32 subsystem is to be case preserving but case insensitive. In previous versions of Windows, such subsystems were fully case sensitive by default. In order to support standard UNIX behavior, Windows Services for UNIX Setup allows you to change the default Windows XP and Windows Server 2003 family behavior for non-Win32 subsystems when installing the base utilities (which installs the Interix subsystem) or Server for NFS. If you enable case sensitivity and then subsequently uninstall Server for NFS and the base utilities, Windows Services for UNIX Setup will restore the default, case-insensitive behavior of non-Win32 subsystems.

  8. Configure User Name Mapping

    User Name Mapping acts as a single clearinghouse that provides centralized user mapping services for Interix and therefore N1GE. User Name Mapping lets you create maps between Windows and UNIX user and group accounts. In principle, these user and group names may not be identical but for users who intend to use N1GE the names have to be identical.

    User Name Mapping lets you maintain a single mapping database for the entire enterprise. This feature makes it easy to configure authentication for multiple computers running Windows Services for UNIX. In addition to one-to-one mapping between Windows and UNIX user and group accounts, User Name Mapping permits one-to-many mapping letting you associate multiple Windows accounts with a single UNIX account. This feature can be useful, for example, when you do not need to maintain separate UNIX accounts for individuals and would rather use a few accounts to provide different classes of access permission. You can use simple maps, which map Windows and UNIX accounts with identical names. You can also create advanced maps to associate Windows and UNIX accounts with different names, which you can use in conjunction with simple maps.

    For information about simple and advanced maps, see "Simple and advanced maps" in "Help for Services for UNIX"


    Note - Note: After the installation has finished, you can find "Help for Services for UNIX" here:

    Start -> Programs -> Services for UNIX -> Help for Services for UNIX


    User Name Mapping can obtain UNIX user, password, and group information from one or more Network Information Service (NIS) servers or from password and group files located on a local hard drive. The password and group files can be copied from a UNIX host or from a Windows-based system running Server for PCNFS.


    Note - User Mapping is part of SFU and not of N1GE. Please consult Microsoft Documentation and/or support to setup user mapping correctly.


    User Mapping Screen

    Your selection in this dialog depends on the hosts and services which are currently provided in your Windows environment and also in the UNIX environment. Otherwise, if there is no such server in your environment then you should select Local User Name Mapping Server.


    Note - You should install SFU and enable the User Name Mapping service on your host which acts as Domain Controller for your windows environment. All other hosts should contact that Remote User Name Mapping Server.

    If you choose Local User Name Mapping Server then you might either select Network Information Services (NIS) to access your passwd and group NIS-maps. Otherwise you have to select l if you will provide the files yourself.


  9. Depending on your previous selections, you have either to enter the NIS Domain name and NIS Server name or the path of the passwd and group files.

    Nis or passwd and group files screen

    Following, you will find an example for the files which have the standard UNIX format. This means that you can also use your /etc/passwd and /etc/group files from your UNIX environment.

     C:\Unix\etc\passwd
             
                root:x:0:0:UNIX root user:/home/root:/bin/tcsh
                user1:x:1002:100:Full name of user1:/home/user1:/bin/tcsh
    
             C:\Unix\etc\group
    
                root::0:


    Note - Some NIS maps do not contain an entry for user root. If this is the case and you intend to create following mapping, Administrator <-> root.

    You create this entry by using the following steps:


    1. First create a password file containing the root entry during this installation step.

    2. If the SFU installation is finished then start the Services for UNIX Administration application and create the mapping: Administrator <-> root.

    3. Switch to NIS mapping.

    4. Use simple mapping or add manual mappings.

    5. At this point the installation starts installing components. Wait until all components are installed.

      Install progress bar screen
  10. When the installation process finishes, you may have to reboot the machine, depending on the version of Windows you are using.

    Finished installation Screen
  11. Make sure that the Interix Subsystem Startup is started during boot time. If you intend to use NFS shares and user mapping then also start Client for NFS and User Name Mapping

    Depending on the installation options and version of the Windows operating system, one or more of these services are disabled by default.

Previous Previous     Contents     Index     Next Next