HP OpenVMS Systems Documentation
Compaq Advanced Server for OpenVMS
External authentication cannot occur if a network connection is required and the network is down. However, as a temporary solution, privileged users can enter the /LOCAL_PASSWORD qualifier after the OpenVMS user name at the login prompt, to specify local authentication. Be sure to specify the OpenVMS user name and password when using the /LOCAL_PASSWORD qualifier.
Because using the /LOCAL_PASSWORD qualifier effectively overrides the security policy established by the system manager, it is allowed only when the user's account has SYSPRV as an authorized privilege. This allows the system manager to gain access to the system when the network is down. When Bit 1 of the equivalence string is set in the SYS$SINGLE_SIGNON logical name, nonprivileged users who are normally externally authenticated can log in locally (the /LOCAL_PASSWORD qualifier need not be specified).
For more information about the /LOCAL_PASSWORD qualifier for the login
command line, refer to the OpenVMS Guide to System Security.
5.8 Converting Encoded File Names from ODS-2 to ODS-5
Existing Advanced Server shares may be converted from ODS-2 to ODS-5 to take advantage of the OpenVMS support of extended file specifications. The Advanced Server for OpenVMS software provides a conversion utility for converting ODS-2 encoded file names on ODS-5 devices that have been converted from ODS-2. The conversion utility removes escape-encoded characters in file names, changing the file names to ISO Latin-1 characters. For example, if a file name is created on an ODS-2 disk containing the character-encoding sequence __E4, to represent the lowercase a-umlaut (ä), the conversion utility removes the encoding and replaces it with the ä character.
You can convert ODS-2 file names to ODS-5 file names after:
If you plan to configure a language other than the default (English (USA)), and your disk device includes ODS-2 file names (names including escape-encoded characters in the format __XX), you must convert all the file names before configuring the new language.
The file name conversion utility that converts file names from the encoding used on ODS-2 file systems to ISO Latin-1 file names is:
When the Advanced Server commands have been defined, you can use the PWCONVERT system management command to invoke the file name conversion utility. For information about defining Advanced Server system management commands, see Section 5.6, Special Advanced Server Management Commands. For example, to define the PWCONVERT command, enter the following DCL command:
$ PWCONVERT :== $SYS$SYSTEM:PWRK$CNVTOHFS.EXE
The format of the PWCONVERT command is:
$ PWCONVERT /qualifiers file-spec
$ PWCONVERT FILENAME:
|/CODE_PAGE= n||The code page used to translate encoded characters, where n is the code page. For more information about code pages, refer to the OpenVMS User's Manual.||None|
Disables the function of the conversion utility specified by the
keyword. The keywords are:
|/LOG= log-file-specification||Creates a log file containing the file names converted. You can specify the location and name of the log file using this qualifier.||/NOLOG. Information is displayed and no log file is created.|
|/VERBOSE||Displays all the file names scanned during the conversion operation.||/NOVERBOSE|
|/NOLIST||Suppresses the display of all the file names that are converted. Only error messages are displayed.||/LIST|
In this example, the file named A FILE.TXT has been created by a Windows 95 client on DISKA, and has been encoded as A__20FILE.TXT. The device DISKA has been converted from ODS-2 to ODS-5. As viewed from OpenVMS, the file appears as follows:
$ DIRECTORY DISKA:[FILES] Directory DISKA:[FILES] . . . A__20FILE.TXT $
Use the PWCONVERT command to convert this file name, as follows:
$ PWCONVERT/VERBOSE DISKA:[FILES]A__20FILE.TXT Scanning file - DISKA:[FILES]A__20FILE.TXT;1 Renamed A__20FILE.TXT to A FILE.TXT Convert Utility Complete $
To convert all the encoded file names on a disk device and directory, enter the PWCONVERT command, specifying the disk device and directory without a file name. For example, to convert all the encoded file names stored on device DISK$USER1, enter the following:
$ PWCONVERT FILENAME: DISK$USER1: Renamed A__20FILE.TXT to A FILE.TXT . . . Convert Utility Complete
The Advanced Server provides optional client-based server administration tools that allow you to manage the server from Windows 2000, Windows 98, Windows 95, Windows for Workgroups, or Windows NT clients. These tools are available in the PWUTIL share after installing, configuring and starting the server.
The SRVTOOLS directory in the PWUTIL share contains a subdirectory for each type of client computer. Refer to the README.TXT file in the appropriate subdirectory for instructions on installing the software on the client computer.
This chapter describes how to set up a wide area network (WAN) using one of the TCP/IP transport software products supported by the Advanced Server for OpenVMS software.
This chapter consists of the following sections:
The Advanced Server for OpenVMS software allows you to use one or more of the following methods for wide area network name resolution:
To use them, they must be enabled using the Configuration Manager. You
can enable them through the PWRK$CONFIG.COM command procedure, which
provides access to the Configuration Manager when you answer YES to the
question "Do you want to change server configuration
parameters." To enable one or more of the wide area network
support methods, select the Transports screen and select the
appropriate checkbox. Alternatively, you can run the Configuration
Manager after the server is configured and started, as described in the
Compaq Advanced Server for OpenVMS Server Administrator's Guide.
6.2 Using the LMHOSTS File in a Wide Area Network
The Advanced Server for OpenVMS software provides the ability to set up a wide area network with the TCP/IP transport through the use of the LMHOSTS file. This file contains a list of domain controllers and member servers in the same domain and also domain controllers in domains that have trusts established with that domain. The LMHOSTS file allows the Advanced Server to participate in a Windows NT wide area network as well.
Unlike a Windows NT Server, the Advanced Server does not support remote LMHOSTS files (called into the Windows NT LMHOSTS file using #INCLUDE). To include the same host names as an existing LMHOSTS file on a Windows NT Server, copy the LMHOSTS file to the Advanced Server then manually insert the entries into the Advanced Server LMHOSTS file.
If you plan to use cluster load balancing in WANs (using DNS for NetBIOS resolution of the Advanced Server cluster alias name), you must remove all entries for the cluster alias from the LMHOSTS file on all systems that will access the Advanced Server cluster and that have enabled DNS for name resolution. For more information on cluster load balancing, refer to the Compaq Advanced Server for OpenVMS Server Administrator's Guide.
To set up a TCP/IP wide area network, modify the LMHOSTS file, adding the host names and TCP/IP addresses of the domain controllers and member servers in the wide area network that are in the same domain or in domains that have trust relationships with that domain.
The LMHOSTS file must be set up on all domain controllers and member servers in the domain, unless other methods are used to resolve NetBIOS names. Make sure your Advanced Server LMHOSTS file includes entries for all domain controllers and member servers of the domain and domain controllers in domains that have trusts established with that domain.
Note the following when configuring a server that will be a backup domain controller (BDC) or member server in an existing domain: if the LMHOSTS file does not include entries for a primary domain controller (PDC) that is in a different TCP/IP subnet, your server will not be able to find that PDC. Make sure you include entries for that PDC in the LMHOSTS file before running PWRK$CONFIG to join the existing domain. Two entries are required for a PDC:
BDCs periodically retrieve changes to the domain-wide security accounts database from the PDC. If you omit a BDC from the LMHOSTS file on the PDC, the PDC will not notify the BDC that database changes need to be retrieved. Or, if a BDC omits the necessary entries for the PDC, the BDC will be unable to locate the PDC when attempting to retrieve database changes. In either case, the BDC's database will become out of date.
You can modify the LMHOSTS file at any time. As long as the LMHOSTS
file exists, users can establish TCP/IP connections to any server
listed in the file.
6.2.2 The LMHOSTS Directory
You set up a wide area network by supplying the following file on all OpenVMS file servers that are in different subnets:
(The LMHOSTS file has no file extension; include the final dot, as
6.2.3 LMHOSTS File Syntax
In the LMHOSTS file, create a list of nodes by specifying the following line for each node:
address NetBIOSname #PRE #DOM:domain_name
speedy "LANDOFOZ \0x1B"
For example, the following entries should be included in the LMHOSTS file on a BDC that is not in the same IP subnet as the PDC (if the two systems are in the same IP subnet, they can resolve names using broadcasts). In this example, the PDC name is DOMPDC at IP address 10.20.30.40 in the domain LANGROUP:
10.20.30.40 DOMPDC #PRE #DOM:LANGROUP 10.20.30.40 "LANGROUP \0x1B" #PRE
The \0x1B name will be registered only by the PDC for the domain. If a BDC is promoted to PDC, the original PDC will release the \0x1B name, allowing the new PDC to register it; LMHOSTS files on other systems that contain an entry for this \0x1B name must be updated to reflect the IP address of the new PDC.
If the domain PDC is a PATHWORKS or Advanced Server for OpenVMS server running on multiple members of an OpenVMS Cluster, only one cluster member will register the \0x1B name (the first to start the NetLogon service). However, if the server stops on that cluster member, the \0x1B name will be released by that cluster member and will then be registered by another cluster member running the server. In this scenario, LMHOSTS files on other systems that contain an entry for this \0x1B name must be updated to reflect the IP address of the cluster member that has registered, and now holds, the \0x1B name. To determine the cluster member that has registered and currently holds the \0x1B name, execute the NBSHOW KNB command at the OpenVMS DCL prompt on each node of the cluster and look for the \0x1B name in the name table that is displayed. The \0x1B name will show up in the name table of only one of the cluster members. The command NBSHOW is a special Advanced Server management command that is defined in the command file SYS$MANAGER:PWRK$DEFINE_COMMANDS.COM; for more information, see Section 5.6, Special Advanced Server Management Commands.
If LMHOSTS files are not updated on all systems to reflect a PDC change, these systems might not be able to find the PDC for the domain. This would affect domain operations adversely.
In environments using trust relationships, the domain controllers in trusting domains must establish a secure communications channel with a domain controller in the trusting domain. This allows a user with an account in one domain to access resources provided by a domain that trusts the user's domain (called pass-through authentication). Therefore, domain controllers in the trusting domain, as well as those in the trusted domain, should list all domain controllers from the other domain in their respective LMHOSTS file. (This assumes other NetBIOS name resolution methods, such as WINS, are not being used.) Each domain controller should also include a \0x1B entry for the PDC of the other domain. In the following example, the domain LANGROUP trusts the domain CORPDOM. The LANGROUP domain consists of the following domain controllers:
The CORPDOM domain consists of the following domain controllers:
To enable the domain controllers in domain LANGROUP to locate a domain controller in domain CORPDOM, include the following entries in the LMHOSTS file located on domain controllers in domain LANGROUP:
18.104.22.168 CORPPDC #PRE #DOM:CORPDOM 22.214.171.124 "CORPDOM \0x1B" #PRE 126.96.36.199 CORPBDC1 #PRE #DOM:CORPDOM 188.8.131.52 CORPBDC2 #PRE #DOM:CORPDOM
Similarly, to enable the domain controllers in domain CORPDOM to locate the domain controllers in domain LANGROUP, include the following entries in the LMHOSTS file located on the domain controllers in domain CORPDOM:
184.108.40.206 LGPPDC #PRE #DOM:LANGROUP 220.127.116.11 "LANGROUP \0x1B" #PRE 18.104.22.168 LGPBDC #PRE #DOM:LANGROUP
The #DOM directive is required in these cases. It explicitly designates
the system as a domain controller in the specified domain. Note that if
you include member servers in the LMHOSTS file (whether they be Windows
NT or Advanced Server member servers), you should omit the #DOM
directive. Member servers are not domain controllers.
6.2.4 Managing the LMHOSTS File
To change the list of available nodes, you can edit the file at any time. Domain controller entries (specified by the #DOM directive) and computer name entries without the #PRE directive are resolved by checking the LMHOSTS file dynamically. This check occurs whenever a name needs to be resolved and is not found in the name cache.
To disable LMHOSTS name resolution, rename all versions of the LMHOSTS file to any name other than LMHOSTS. Or, you can use the Configuration Manager to disable LMHOSTS name resolution. Start the Configuration Manager ($ ADMIN/CONFIG), select the Transports option, and clear the check mark next to the Enable LMHOSTS Resolution option. When you use the Configuration Manager to enable or disable LMHOSTS name resolution, the change is not dynamic; that is, the change will not go into effect until the next time the Advanced Server is started.
When you add an entry to the LMHOSTS file while the Advanced Server is
running, if the entry includes the #PRE directive, the entry will not
be cached permanently (as directed by the #PRE part of the entry) until
the next restart of the server; however, the change is effective
immedately, as it will be read dynamically when the name next needs to
6.2.5 Using the LMHOSTS Log File
If errors occur when the LMHOSTS file is accessed, the errors are recorded in the following file:
This file is open and being written to while the Advanced Server is running. To close the log file, you must stop the Advanced Server.
To prevent the log file from becoming too large, each error is logged
only once --- the first time it occurs. If an error is found in the log
file, it is not logged again.
6.3 Using WINS in a Wide Area Network
You can configure the Advanced Server as a WINS client. This allows the Advanced Server to use a WINS Server for NetBIOS name registration, resolution, renewal, and release in a wide area network configuration.