windows-nt/Source/XPSP1/NT/net/sfm/uam/sfmuam.txt
2020-09-26 16:20:57 +08:00

1 line
8.2 KiB
Plaintext

Microsoft Windows 2000 Server
Services for Macintosh Release Notes
INSTALLATION OF THE MACINTOSH WORKSTATION SOFTWARE AND
QUICK REFERENCE FOR MACINTOSH USERS
INSTALLING THE MACINTOSH WORKSTATION SOFTWARE
The following instructions describe how to install the Macintosh(c) workstation software that provides secure logon to a Microsoft(c) Windows(c) 2000 Server.
User Authentication
A user authentication module (UAM) is a software program that prompts users for an account name and password before they log on to a server. The Macintosh Chooser has a standard UAM built in, which uses the clear-text password or Apple's RandNum Exchange method of security.
Microsoft Authentication offers an additional level of security because the password is used as a key to encrypt a random number. If the system administrator for the computer running Windows 2000 Server has determined that encryption is an important security measure, you may be asked to use Microsoft Authentication when you log on to the server.
Minimum Requirements for MS UAM 5.0
To use the new Microsoft UAM v5.0, you must have a Macintosh client running AppleShare Client 3.8 or newer or Mac OS 8.5 or newer. If you do not meet these minimum requirements, the MS UAM Installer will install the old MS UAM v1.0 module. If you upgrade your system software, you will need to re-run the MS UAM Installer.
NOTE: Microsoft does not support AppleShare 3.7 for use with Windows 2000 Server and Services For Macintosh. If you are using version 3.7 of the AppleShare Client, Microsoft strongly recommends that you upgrade to AppleShare Client 3.8 or newer.
Microsoft Authentication 1.0
MS UAM 1.0 is not compatible with AFP over TCP/IP. If you attempt to log onto a Windows 2000 Server using MS UAM 1.0 and TCP/IP is available, the UAM will close after clicking "OK" and will not provide any error message.
For authentication over TCP/IP, you must install MS UAM 5.0. See minimum requirement for MS UAM 5.0 earlier in this document.
Installing User Authentication
Log on to the Microsoft UAM Volume on the computer running Windows 2000 Server to access the MS UAM file. Then drag this file to your AppleShare(c) Folder in your System Folder. Instructions follow. (Users outside North America, see the "International Concerns" section later in these Release Notes before proceeding.)
To gain access to the Microsoft Authentication files on the computer running Windows 2000 Server
1. On the Macintosh Apple menu, click Chooser.
2. Double-click the AppleShare icon, and then click the AppleTalk(c) zone in which the computer running Windows 2000 Server, with Services for Macintosh, resides. (Ask your system administrator if you're not sure of the zone.)
3. From the list of file servers, select the Windows 2000 Server computer, and then click OK.
4. Click the Registered User or Guest option, as appropriate, and then click OK.
5. Click the Microsoft UAM Volume, and then click OK.
6. Close the Chooser dialog box.
To install the authentication files on the Macintosh workstation
1. On the Macintosh Desktop, double-click the Microsoft UAM Volume.
2. Locate the "MS UAM Installer" file on the Microsoft UAM Volume, then double-click it.
3. Click Continue in the installer welcome screen.
The installer will report whether the installation succeeded.
If the installation has succeeded, when Macintosh users of this workstation connect to the Windows 2000 Server computer, they will be offered Microsoft Authentication.
QUICK REFERENCE FOR MACINTOSH USERS
As a Macintosh user, you can share files and folders with users of Intel-based computers by saving the files and folders to a computer running Windows 2000 Server with Services for Macintosh. You do this by mounting a Macintosh-accessible volume onto your desktop and saving the files and folders you want to share on it. (A Macintosh-accessible volume is a directory on the computer running Windows 2000 Server that has been designated as a volume that Macintosh computers can use.) If you're sharing files with MS-DOS users, it's a good idea to name files and folders using the 8.3 standard (eight characters, followed by a period, and then a three-character extension) used by MS-DOS-based computers -- for example, Chapter.doc. If you use the 8.3 standard, MS-DOS users of shared files can easily find the file on the computer running Windows 2000 Server.
For more information about sharing files and printing on a computer running Windows 2000 Server, see the Microsoft Windows 2000 Server Services for Macintosh manual and the Microsoft Windows 2000 Server System Guide. For general information about using Macintosh computers, see your Macintosh user manuals.
Logging On to a Computer Running Windows 2000 Server
Logging on to a computer running Windows 2000 Server with Services for Macintosh is much like logging on to any other server on an AppleTalk network. During this procedure, you will be asked to specify a logon method -- either Apple Standard UAM (user authentication module) or Microsoft Authentication (which provides secure logon to the computer running Windows 2000 Server). Consult your system administrator if you are not offered Microsoft Authentication. Your system administrator may want you to install the files necessary to run it. (For more information, refer to earlier sections of this file.)
Privileges and Permissions
When you create a folder on a Macintosh computer, you can set access privileges for it. By setting privileges, you can determine who can see and change the folder and the files in it. You do this on your Macintosh computer by selecting the folder and, on the Finder's File menu, clicking Sharing. The access privileges you set on folders in Macintosh-accessible volumes are translated to Windows 2000-style permissions on the corresponding directory on the Windows 2000 computer.
Note that Windows 2000-based users can set permissions (on files and folders), which are translated to access privileges. These access privileges affect your ability to use files and folders saved by users of Intel-based computers. Therefore, if you're having trouble using a file on the computer running Windows 2000 Server, you may not have the necessary privileges. Consult the system administrator or the owner of the file to get the permissions you need.
Troubleshooting Hints
I can't find a volume.
The volume might be configured as a private volume. A private volume is any volume in which the Owner, Primary Group, and Everyone categories have no access privileges -- only the owner has permissions. Ask the owner or administrator to give you the permissions you need to use it.
I can't find a folder or file.
You may not have privileges to see the files or folders. Ask the owner or administrator to give you the privileges you need to use it.
I forgot my password.
Ask the system administrator to reset your password.
I can't save a file with an 8.3 name.
This name may already exist on the computer running Windows 2000 Server. Give the file a different filename. If MS-DOS users are going to need it, using the 8.3 standard makes it easier for them to identify it. (A short name is automatically generated by the computer running Windows 2000 Server. However, it may not be as easily identifiable to users as one you create.) If no MS-DOS users will need the file, the filename can be as long as Macintosh computers allows -- 31 characters.
I can't find the Windows 2000 Server with Services for Macintosh.
Ask your system administrator to help you.
A user of an Intel-based computer with whom I'm sharing files can't see the contents of a folder.
The folder's owner needs to give the user of the Intel-based computer both the See Files and See Folders access privileges (also called permissions on a Windows 2000 computer).
I can't mount a Macintosh-accessible volume using an alias.
The volume may have a password, or you may have connected to the volume using Microsoft Authentication. If the volume has a password, you can mount the volume through the Chooser and then use the alias. Or you can specify that it be opened at system startup when you mount the volume. If you are using Microsoft Authentication to log on to the server, you must mount the volume through the Chooser and then use the alias.