|
|
Rational supports two SMB products- Samba, available from www.samba.org, and Syntax TotalNET Advanced Server (TAS) from LSI Logic Corporation-to enable access to UNIX file systems from Windows computers. This section describes how to install and configure Samba and TAS.
Only a few versions of Samba and TAS (on a few UNIX platforms) are supported for use with ClearCase. The Release Notes for Rational ClearCase and ClearCase MultiSite include the most up-to-date information about SMB server products, including information on supported versions and platforms.
ClearCase supports use of Samba to provide Windows computers that use dynamic views with access to VOBs and views on several UNIX platforms.
Samba can be downloaded from www.samba.org. Download it and follow the installation instructions for the operating system on which you are installing it. Samba must be installed and configured on each UNIX VOB and view server that you want to access from Windows.
To configure Samba for use by ClearCase, you must do the following:
Create a Samba username map for the clearcase_albd user.
Configure Samba globals.
Create shares for VOB and view storage.
Start Samba services.
NOTE: In this section, we assume that the user account for the ClearCase server process on Windows is named clearcase_albd. If your user account for this server process is configured to use a different name, use that name instead.
Samba requires a username map that associates the user account for ClearCase server process Windows with a UNIX user account.
To create the Samba username map, use any text editor to create a file named username.map on the host where Samba is installed. We recommend that you create the file in the same directory where you have installed other Samba configuration files (such as smb.conf).
The file must contain a line of the form
account = clearcase_albd
where account is the name of an existing UNIX user account. We strongly recommend that this user's primary group (the group listed in the user's entry in the passwd database) be one to which all ClearCase users accessing VOBs and views on this server belong. For details about group- and user-level access to ClearCase data, see Understanding ClearCase Access Controls.
For more information about the username.map file, see the Samba documentation.
Samba can be configured using various methods that range from a simple text editor to graphical tools. The examples in this document describe the configuration of Samba through the use of the Samba Web Administration Tool (SWAT), which is included in the Samba download. Instructions included with the download explain how to enable this tool.
Type a URL of this format in a Web browser:
where computer is the host name of a UNIX VOB server or view server host on which you have installed Samba and port# represents the SWAT port number. (The default value is 901.)
Log on as root. The SWAT interface now appears in your browser.
Click the GLOBALS icon at the top of the SWAT interface's home page. Then click Advanced View. Set the global options as described in Table 7.
Base options | |
workgroup | Set to the name of the Windows domain to which ClearCase hosts accessing this server belong |
netbios name | Set to the host name of this computer |
Security options | |
security | DOMAIN (recommended) or USER (see note) |
encrypt passwords | Yes |
create mask | 0775 |
directory mask | 0775 |
username map | Set to the local pathname of the username.map file |
Locking options | |
oplocks | No |
kernel oplocks | No |
File-name handling options | |
case sensitive | No |
preserve case | Yes |
NOTE: If you select USER security, you must enter every user that will access Samba file services in a local password encryption database on the server that supports those file services. Click the PASSWORD icon on the SWAT home page. In the Server Password Management section, enter the name and password of each user.
ClearCase has no special requirements for other Samba globals, so you may configure them in any way that's appropriate for your site.
You must create one or more Samba shares to hold server storage locations or individual VOB or view storage directories. To create a Samba share:
Click the SHARES icon at the top of the SWAT interface's home page.
Enter a name for the share in the text box to the right of the Create Share button. To simplify administration, we recommend that the share name be similar or identical to that of the UNIX directory whose name you will enter in Step #4.
Click Create Share.
Edit the path option under Base Options. Set its value to be a directory under which the VOB or view storage areas reside. The VOB or view storage areas do not need to be in the directory specified, but they must be somewhere below the specified directory.
Click Commit Changes.
The Samba smbd and nmbd services must be running before Windows computers can access files using Samba. We recommend that you configure your UNIX host to start the smbd and nmbd services at boot time. Platform-specific instructions for configuring automatic service startup are included in the Samba documentation.
Samba services can also be started manually from the SWAT interface using the following procedure:
Click the STATUS icon at the top of the SWAT interface's home page.
Click Start smbd. The page refreshes and should display the smbd status as running.
Click Start nmbd. The page refreshes and should display the nmbd status as running.
For all ClearCase clients on Windows that have the MVFS installed and that will access Samba shares, change the MVFS Performance settings in the ClearCase program in Control Panel as follows:
Click Start > Settings > Control Panel. Start ClearCase.
On the MVFS Performance tab:
Select Override for both Maximum number of mnodes to keep on the free list and Maximum number of mnodes to keep for cleartext free list.
Set the value for both to 800.
Click OK to apply the changes and close the dialog box.
Restart Windows.
We recommend that you test the Samba installation and configuration using non-ClearCase files and directories before attempting to use Samba to provide file access to VOBs and views, as follows:
Create a directory on your Samba server (for example, /testshare/testdir) and a test file in that directory (for example, /testshare/testdir/testfile).
Create a Samba share using testshare as the share name and /testshare as the path name for the share.
From a Windows client, create a file in the Samba share. Then verify that the UNIX user and group settings for that file are correct.
Verify that all Windows clients can access the Samba share, including testing permission and access restrictions, until you are confident that Samba is working properly.
To verify that ClearCase and Samba are working together properly:
On a UNIX VOB or view server, install and configure Samba as described in this chapter, creating shares for VOB and/or view storage.
Verify that your ClearCase user and group assignments are appropriate, as described in Understanding ClearCase Access Controls.
Verify that you can access VOBs and views on the server from a UNIX client.
Log on to a ClearCase client on Windows. Use the Region Synchronizer to import VOB and view tags for VOBs and views hosted on the UNIX server into the Windows region.
Ensure that you can use these views and VOBs by performing some basic ClearCase operations (for example, mkelem, checkin, and checkout) in them.
ClearCase supports the TotalNET Advanced Server (TAS) SMB server product from LSI Logic Corporation to provide Windows computers using dynamic views with access to VOBs and views on several UNIX platforms.
This section describes how to install TAS, including how to configure TAS and ClearCase to support mixed-environment file access. If you are using TAS, you must install and configure it on each UNIX VOB and view server that you want to access from a Windows client.
Follow the instructions in the appropriate platform-specific installation section of TotalNET Advanced Server Release Notes to install TAS on each VOB and view server requiring access from Windows.
If you are installing TotalNET Advanced Server on an AIX platform, you must enable the multiuser kernel driver after installing TAS. This step provides support for the TAS SMB multiplexor, which is required when using ClearCase with TAS on AIX.
To enable the multiuser kernel driver, use the TAS smbmxenable command. This command does not take any command-line options or arguments.
cd /var/totalnet/usr/sbin
./smbmxenable
To disable the multiuser kernel driver, use the TAS smbmxdisable command. This command does not take any command-line options or arguments.
cd /var/totalnet/usr/sbin
./smbmxdisable
NOTE: You cannot enable or disable the multiuser support from the Framework interface. You must use the command line. For details about multiuser support on AIX platforms, see the TAS Administration Manual.
You can configure and administer TAS using the Syntax Administration Framework (formerly known as the TotalNET Administration Suite, or TNAS) Web interface. For details, see the chapter on syntax administration framework in TotalNET Advanced Server Administration Manual.
To access the Syntax Administration Framework Web interface:
Type a URL of this format in a Web browser:
computer is the host name of a UNIX VOB- or view-server host on which you have installed TAS
port# represents the Framework port number (the default is 7777)
The Syntax Enterprise Services page appears.
Click Syntax Administration Framework; a Framework logon program appears.
Log on as root, using the root password for the TAS server. The Framework interface now appears in your browser.
Click TAS Configuration and Administration in the sphere frame (that is, the frame at the upper right of the interface).
The TAS configuration and administration menu now appears in the menu frame (that is, the frame at the lower left of the interface).
NOTE: If you are upgrading an existing installation of TAS, the upgrade procedures preserve the previous configuration, including existing TAS volumes and file services supporting ClearCase, so you can skip the remaining sections of this chapter. After you have upgraded, ensure that opportunistic locks are disabled for each TAS volume that contains ClearCase storage. (The Support opportunistic locks check box in the volume definition should be cleared.) For details, see the TAS Administration Manual.
The first time you install TAS on a server, you must perform an initial setup on that TAS installation as described in the TAS Administration Manual. Click Initial Setup in the menu frame of the Framework Web interface, and follow the instructions in the TAS documentation, subject to the changes noted in these sections that are specific to use of TAS with ClearCase.
For more information on any of the topics related to configuring TAS, see the TAS Administration Manual.
Accept the defaults for Admin user, Admin group, and so on in the General TAS Settings pane.
In the Select Realms to Configure pane, enable the CIFS realm, and click Next; the CIFS Realm Configuration pane appears.
NOTE: ClearCase does not require that the NetWare and AppleTalk realms be enabled.
Configure the CIFS realm as follows:
Server name - Type the name of the VOB or view server, if it is not already the default.
Workgroup - Type the name of the Windows domain to which your ClearCase clients belong.
Transports - Select the protocols appropriate for your site.
Device for NetBEUI - Accept the default.
WINS Server(s) - If you are using proxy server authentication mode for CIFS file services (see Configuring the File Service), you may have to specify the IP addresses of the WINS servers for the network on which the authentication proxy server resides.
After initial setup, configure the TAS server to support ClearCase, using the Framework Web interface.
Create a TAS username map from the user account for the ClearCase server process user on Windows (see Defining the Accounts Manually) to a UNIX user account whose primary group ID (GID) can access all VOBs and views that will be accessed by TAS file services. In this section, we assume that this user account is named clearcase_albd. If the user account for your server process is configured to use a different name, use that name instead.
To create the TAS username map:
Click TAS System in the menu frame; the TAS System Configuration and Administration pane appears.
Click Username Maps; the Username Maps pane appears. Make these changes to support ClearCase:
In the text box, type the name of an existing UNIX user account and click Create. We strongly recommend that this user's primary group (the group listed in the user's entry in the passwd database) be one to which all ClearCase users who access VOBs and views on this server belong.
For details about how user and group identities control access to ClearCase data, see Chapter 3, Understanding ClearCase Access Controls
In List of client accounts, type clearcase_albd.
Click Submit at the bottom of the form; then click OK in the confirmation message.
Create a TAS volume that exports the directory in which the VOB and/or view storage are physically located. Clients use the volume name to represent the path to the physical VOB or view storage location.
NOTE: We recommend that you test the TAS installation and configuration using ordinary files before using TAS to access VOBs and views. For details, see Testing the TAS Configuration on Ordinary Files.
The procedure required to support ClearCase is summarized here:
Click TAS System in the menu frame; then click Volumes in the TAS System Configuration and Administration pane.
Type a name (for example, ccstore) in the text box.
Ensure that the volume name is of a form that is acceptable for all realms that will access it. For example, some realms do not accept names longer than 12 characters.
NOTE: The text box contains a symbolic name for the volume, not the pathname to the volume storage. However, it is a good idea to specify TAS volume names that correlate to the VOB and view storage paths. (For example, a TAS volume named ccstore may be associated with /ccstore on the UNIX computer.) If these names do not correlate, examine the volume properties to determine which pathnames are associated with which volumes.
Click Create; a New Volume Definition pane appears. Make these changes to support ClearCase:
Pathname - Type the pathname to the virtual root of the storage area. This pathname is the root of the VOB or view storage areas for the VOB or view server. In other words, all VOB or view storage areas must be located below this pathname (but they need not be direct subdirectories of this pathname).
For example, if you type /ccstore, legal VOB and view storage names for this volume are /ccstore/vobstore, /ccstore/home/vobstore, and /ccstore/home/project/viewstore.
Volume umask - Type 002.
Filename Case - Select preserve.
Support opportunistic locks - Clear the check box.
Click Submit at the bottom of the form; then click OK in the confirmation pane.
To configure the TAS file service to support ClearCase:
Access the file service:
Click CIFS (NB) Realm in the menu frame.
Click Manage CIFS File Services; a list of the file services appears.
Click the file service that corresponds to your TAS server; then click Administer. A menu of file service operations appears.
Click Configuration; an update file service form appears. Make these changes to support ClearCase:
Volume references - Select the TAS volumes this file service references and exports.
Browse master - Select off.
Umask - Type 002.
Freespace report method - Select root.
Windows 95 logon server - Clear this check box.
Windows NT logon server - Clear this check box.
NOTE: You cannot use the Windows NT Logon Server feature if the TAS volumes are to include ClearCase storage.
Click Submit at the bottom of the form; then click OK in the confirmation pane to return to the menu of file service operations.
Click Authentication Options; the Authentication Options form appears. Under User-mode authentication options, click Local or Remote.
NOTE: You cannot use Share mode authentication if the TAS volumes are to include ClearCase storage.
For assistance in determining the authentication mode for your site, see your system administrator.
If you select Remote authentication, configure the authentication as follows:
Proxies-Click Proxies and type the name of the proxy servers in this text box, one per line.
NOTE: You may need to specify in the CIFS realm the IP addresses of the WINS servers for the network on which the authentication proxy server resides. (See Enabling and Configuring the CIFS Realm.)
Use Username map - Select this check box to ensure that the file service references the clearcase_albd username map specified in Creating a TAS Username Map for clearcase_albd.
If you select Local authentication, configure the authentication as follows:
Use Secure Passwords - Select this check box.
NOTE: If you select Local authentication, you must enter every user that will access TAS file services in a local password encryption database on the server supporting those file services. If your CIFS realm contains multiple servers supporting TAS file services, you must configure a local password encryption database on each server.
Use Username map - Select this check box to ensure that the file service references the clearcase_albd username map specified in Creating a TAS Username Map for clearcase_albd.
Click Submit at the bottom of the authentication options form. Then click OK in the confirmation pane to return to the menu of file service operations.
To start the TAS file services and accept service connections:
Click TAS System in the menu frame and then click TAS System Administration.
Click Start Services in the TAS System Administration pane.
Click OK in the Confirmation pane; then click OK to return to the TAS System Administration pane.
In the TAS System Administration pane, click Accept Service Connections.
Click OK in the Confirmation pane; then click OK to return to the TAS System Administration pane.
At this point, TAS is configured to support ClearCase. You can exit the Framework Web interface.
For all ClearCase clients on Windows that have the MVFS installed and will access TAS volumes, change the MVFS Performance settings in the ClearCase program in Control Panel as follows:
Click Start > Settings > Control Panel. Start ClearCase.
On the MVFS Performance tab:
Select Override for both Maximum number of mnodes to keep on the free list and Maximum number of mnodes to keep for cleartext free list.
Set the value for both to 800.
Click OK to apply the changes and close the dialog box.
Restart the Windows client.
We recommend that you test the TAS installation and configuration using non-ClearCase files and directories before attempting to use TAS to provide file access to VOBs and views, as follows:
Create a directory structure on your TAS server (for example, /tasstore/testdir) and a test file in that directory (for example, /tasstore/testdir/testfile).
Install and configure TAS as described in this chapter, using tasstore as the volume name and /tasstore as the path name for the volume.
From a Windows client, create a file in the TAS volume. Then verify that the UNIX user and group settings for that file are correct.
Verify that all Windows clients can access the TAS volume, including testing permission and access restrictions, until you are confident that TAS is working properly.
To verify that ClearCase and TAS are working together properly:
On a UNIX VOB or view server, install and configure TAS as described in this chapter, creating volumes containing VOB and/or view storage.
Verify that your ClearCase user and group assignments are appropriate. To do so, use the tests described in the chapter on configuring ClearCase in a mixed network in Checking User and Group Assignments.
Verify that you can access VOBs and views on the server from a UNIX client.
Log on to a ClearCase client on Windows. Use the Region Synchronizer to import VOB-tags and view-tags for VOBs and views hosted on the UNIX server into the Windows region.
Ensure that you can use these views and VOBs by performing some basic ClearCase operations (for example, mkelem, checkin, and checkout) in them.
|
|
Feedback on the documentation in this site? We welcome any comments!
Copyright © 2001 by Rational Software Corporation. All rights reserved. |
