Document 6506734

Transcription

Document 6506734

®
IBM eServer™
How to set up the z/OS® System Message
Block server and access z/OS data from
Windows®
business on demand software
^
© 2007 IBM Corporation
This presentation will describe the z/OS System Message Block, or SMB, server and how
to set it up so that a PC user can access z/OS data.
zOS_V1R8_SMB_setup.ppt
Page 1 of 17
Agenda
What is the z/OS System Message Block (SMB)
server?
What do you need to do on the server to make
data available?
What do you need to do on the PC to access the
data on z/OS?
2
SMB access from Windows
This presentation will explain what the z/OS SMB server is, how to configure the SMB
server and how to access z/OS data from a Windows PC.
Page 2 of 17
What is the SMB server?
The z/OS SMB (Server Message Block) server is
software that runs on z/OS and is part of the z/OS
Distributed File Service base element
The z/OS SMB server allows Windows PCs to
access z/OS data by using a remote drive letter on
the PC
The z/OS SMB server supports the SMB protocol
that Windows PCs send to a file server
3
SMB stands for Server Message Block. This is the name of the protocol that Windows
clients use to access remote files on a server. The z/OS SMB server runs on z/OS and is
part of the z/OS Distributed File Service base element. Windows PCs can connect to the
z/OS SMB server and assign a remote drive letter to a share name defined on the z/OS
SMB server. After connecting, the PC user can access data on the remote drive letter as
though it were local data.
Page 3 of 17
PCs communicating with the z/OS SMB server
PC
TCP/IP
TCP/IP
z/OS
z/OS
SMB
UNIX®
server
application
PC
z/OS UNIX
PC
4
HFS or zFS
Windows PCs communicate with the z/OS SMB server through TCP/IP. The file requests
are sent to the z/OS SMB server and those file requests are sent down to z/OS UNIX and
then to the Physical File System; for example, HFS or zFS. z/OS UNIX applications and
commands may be accessing the data at the same time.
Page 4 of 17
Agenda
What is the z/OS SMB server?
data available?
data on z/OS?
5
This section will describe what you need to do to make z/OS UNIX data available to
Windows PCs.
Page 5 of 17
data available?
Decide what data you want to make available
Determine whether the data needs EBCDIC to
ASCII translation
Decide how PC users will login to z/OS
Determine if you need to specify any SMB server
configuration options
6
First, you need to decide what data you want to make available to the Windows PCs.
That is, which directory in the z/OS UNIX hierarchy will be the entry point when a defined
share name is used.
Second, you need to decide whether you want data translated from EBCDIC to ASCII
characters when it is sent to the PC. That is, is the data that will be accessed character
data or binary data? Character data should be translated and binary data should not.
Third, you need to decide how PC users will login to z/OS. With all methods, the PC user
ID will be mapped to a local z/OS user ID.
Finally, you may need to specify some SMB server configuration options.
Page 6 of 17
Decide what data you want to make available
Ensure that the SMB server has been installed
You should have a started task PROC named DFS®
You should be able to access z/OS UNIX directories
/opt/dfslocal/var/dfs and /opt/dfslocal/home/dfskern
You can make individual file systems available or
you can make the entire z/OS UNIX hierarchy
available
You create a share name for the directory
7
Before you actually decide what data you want to make available, you should ensure that
the SMB server has been installed. There should be a started task PROC called DFS and
you should be able to access z/OS UNIX directories shown here. If these are not
available, go back and install the Distributed File Service SMB server.
The simplest way to make z/OS UNIX data available to Windows PC users is to make the
entire z/OS UNIX hierarchy available. This is illustrated on the next slide.
Page 7 of 17
Export the root file system
/opt/dfslocal/var/dfs/smbtab should contain this
line:
/dev/ufs1 share1 ufs “The z/OS UNIX root” r/w 100 /
/opt/dfslocal/var/dfs/dfstab should contain this line:
/dev/ufs1 hfs1 ufs 1 0,,1
/opt/dfslocal/var/dfs/devtab should contain these
lines:
define_ufs 1
<root file system name> text
8
To create a share, create the files with the values listed here.
The last line on this slide is the file system name of your root file system followed by the word text.
This is referred to as exporting the root file system and sharing the directory named /
(slash) in the root file system.
These files create a share named share1 that refers to the root of your entire z/OS UNIX
hierarchy.
Page 8 of 17
Determine whether the data needs EBCDIC to
ASCII translation
Most often you will be accessing character data
This requires you to tell the SMB server to
translate the data
The simplest way to do this is to specify
_IOE_HFS_TRANSLATION=ON in the
/opt/dfslocal/home/dfskern/envar file
9
Most often, the z/OS UNIX data that you will be accessing from Windows PCs will be
character data. This will be EBCDIC data stored in a z/OS UNIX file. When that data is
transferred to the Windows PC, you need it to be translated to ASCII so that it displays
properly on the Windows PC.
One way to tell the z/OS SMB server to translate the data going in both directions is to
specify a dfskern environment variable, or configuration option, that tells the server to
translate data. Turn character translation on using the setting in the file shown here.
This tells the SMB server to translate data unless a more discrete specification is made.
For example, on a particular file system as was done on the previous slide in the devtab
entry by specifying text – which also says to translate the data.
Page 9 of 17
Decide how PC users will login to z/OS
Your PC users need to identify themselves in
terms of a z/OS user ID
The PC user ID is mapped to a z/OS user ID using
the smbidmap file
The location of the smbidmap file is specified in the dfskern environment variable _IOE_SMB_IDMAP.
The dfskern environment variable file is located at /opt/dfslocal/home/dfskern/envar
Normally, you would specify _IOE_SMB_IDMAP=/opt/dfslocal/home/dfskern/smbidmap
Another thing you need to specify is whether PC
users will use
Clear passwords
Encrypted passwords
Domain passwords (Passthrough Authentication)
10
When Windows PC users connect to the z/OS SMB server, they need to identify
themselves. If they do not specify a PC user ID on the connect, the PC user ID specified
when the PC user logged on to Windows is used. If they do specify a PC user ID (for
example, on the net use command), then that PC user ID is used.
The PC user ID is mapped to a local z/OS user ID, using the specification in the
smbidmap file. More details are included at the end of this presentation.
Page 10 of 17
Determine if you need to specify any SMB
server configuration options
Specify the following in the
/opt/dfslocal/home/dfskern/envar file:
_IOE_PROTOCOL_RPC=OFF
_IOE_PROTOCOL_SMB=ON
To access subdirectories without needing to explicitly
export each file system, in the same file, specify:
_IOE_DYNAMIC_EXPORT=ON
You must specify that you want to use the SMB protocol but
not the DCE DFS protocol
(since the default is the opposite)
11
There are several SMB server configuration options that you will need to set.
In most cases, you will want to allow PC users to visit all the subdirectories under the
shared directory.
After these specifications are made, you should start (or restart) the SMB server by using
the operator command start dfs (or stop dfs and then start dfs). At this point, the SMB
server is ready to accept connections from Windows PCs.
Page 11 of 17
Agenda
What is the z/OS SMB server?
data available?
data on z/OS?
12
This section covers what you need to do on your Windows PC in order to access the
share that was created on the z/OS system.
Page 12 of 17
What do you need to do on the PC to access
the data on z/OS
Using the host name of the z/OS system and the
share name of the directory, issue a net use
command
For example:
net use z: \\yourhost.com\share1 password /user:pcuserid
Then, access z/OS UNIX data using:
MS-DOS® commands in a command prompt window
or Windows Explorer
13
Assuming that the host name of your z/OS system is yourhost.com, you can connect to
the share that was created on slide 9 (share1) using the MS-DOS net use command.
You can learn about the net use command by searching Windows help for command-line
reference A-Z and scrolling to net services commands and then net use. An example is
shown here.
The password specified depends on the type of password encryption specified in the
dfskern envar file (see slide 11). You only need to specify a pcuserid if you want to use a
PC user ID that is different that the one you used to logon to Windows. Remember that
the pcuserid must be mapped to a z/OS user ID in the smbidmap file.)
After this command is successfully run, you can access the z/OS data by using the drive
letter z:. So, for example, you could enter dir z: in a command prompt window or you
could open Windows Explorer and click on the z: drive letter. Files that contain a filename
extension that is known to Windows, like .txt, are easiest to work with.
Page 13 of 17
Documentation
Documentation for the SMB server is in:
z/OS Distributed File Service SMB Administration
(SC24-5918)
z/OS SMB server Concepts and Administration
z/OS Distributed File Service Messages and Codes
(SC24-5917)
IOEyxxxt messages
z/OS S/390® File and Print Serving
(Redbook SG24-5330)
Redbook (at OS/390® V1R9 level)
14
Finally, refer to documentation for the SMB server in the referenced documents. There
are many topics that were not covered in this presentation that you can read about in
these books.
Page 14 of 17
Format of the smbidmap file
In the smbidmap file, you specify the mapping of each
Windows PC user’s user ID to their corresponding z/OS
user ID. The format is:
pcuserid1
zosuserid1
<blank line>
pcuserid2
zosuserid2
<blank line>
and so on, for as many mappings as needed.
So, for example, you might specify:
smithj
g123456
jonesm
g111111
15
This slide explains the format of the smbidmap file. PC user IDs are followed by z/OS user
IDs and the pairs are delimited by a blank line.
Page 15 of 17
PC user authentication options
For clear passwords, specify the dfskern envar: _IOE_SMB_CLEAR_PW=REQUIRED
In this case, when they connect, your PC users will need to specify the z/OS (RACF)
password of the z/OS user ID they are mapped to.
To use clear passwords, the PC users may need to set this registry key value to 1:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanworkstation\EnablePlainTextPassword
For encrypted passwords, specify the dfskern envar: _IOE_SMB_CLEAR_PW=NOTALLOWED
In this case, to connect, PC users will need to specify the password they set in their
DCE segment on z/OS using the OMVS smbpw command.
For pass-through authentication, specify these dfskern envars:
_IOE_SMB_AUTH_DOMAIN_NAME=<domain name of domain controller>
_IOE_SMB_AUTH_SERVER=n.n.n.n
_IOE_SMB_AUTH_SERVER_COMPUTER_NAME=<computer name of domain controller>
_IOE_SMB_BACKUP_AUTH_SERVER=n.n.n.n
_IOE_SMB_BACKUP_AUTH_SERVER_COMPUTER_NAME=<computer name of backup domain controller>
These refer to the IP address and computer name of your Windows domain controller
(with an optional backup domain controller). In this case, when they connect, your PC
users will need to specify their domain password.
16
There are three options for how to handle passwords; clear, encrypted, and pass-through.
This slide illustrates the dfskern settings for each. Note that for clear-text passwords, an
additional setting on each client PC is needed.
Page 16 of 17
Trademarks, copyrights, and disclaimers
The following terms are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both:
DFS
IBM
OS/390
S/390
z/OS
MS-DOS, Windows, and the Windows logo are registered trademarks of Microsoft Corporation in the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Product data has been reviewed for accuracy as of the date of initial publication. Product data is subject to change without notice. This document could include technical inaccuracies or
typographical errors. IBM may make improvements or changes in the products or programs described herein at any time without notice. Any statements regarding IBM's future direction
and intent are subject to change or withdrawal without notice, and represent goals and objectives only. References in this document to IBM products, programs, or services does not imply
that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Any reference to an IBM Program Product in this
document is not intended to state or imply that only that program product may be used. Any functionally equivalent program, that does not infringe IBM's intellectual property rights, may
be used instead.
Information is provided "AS IS" without warranty of any kind. THE INFORMATION PROVIDED IN THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER
EXPRESS OR IMPLIED. IBM EXPRESSLY DISCLAIMS ANY WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NONINFRINGEMENT. IBM shall
have no responsibility to update this information. IBM products are warranted, if at all, according to the terms and conditions of the agreements (for example, IBM Customer Agreement,
Statement of Limited Warranty, International Program License Agreement, etc.) under which they are provided. Information concerning non-IBM products was obtained from the suppliers
of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the
accuracy of performance, compatibility or any other claims related to non-IBM products.
IBM makes no representations or warranties, express or implied, regarding non-IBM products and services.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents or copyrights. Inquiries regarding patent or copyright
licenses should be made, in writing, to:
IBM Director of Licensing
IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.
Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that
any user will experience will vary depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the
workload processed. Therefore, no assurance can be given that an individual user will achieve throughput improvements equivalent to the performance ratios stated here.
All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may
have achieved. Actual environmental costs and performance characteristics will vary depending on individual customer configurations and conditions.
This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject
to change without notice. Consult your local IBM business contact for information on the product or services available in your area.
All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the
performance, compatibility, or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
© Copyright International Business Machines Corporation 2007. All rights reserved.
Note to U.S. Government Users - Documentation related to restricted rights-Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract and IBM Corp.
17
Page 17 of 17

Document 6506734

Transcription

Similar documents

SMB Cookie Dough Flyer - Saratoga Music Boosters

How to Setup Scan to SMB to a

Sec 3 - Sembawang Secondary School

Speeding Up File Transfers in Windows® 7 - ASPE

SMB Schwede Maschinenbau GmbH Strapping technology for the

Scan-to-SMB (Scan-to

Adding Role Based Access Control onto a Unix Storage Platform

Hardware Support