Starting the Data Server - Windows NT

Configuring the Data Server

To configure the Data Server, open the Control Panel and double-click the PRO/5 Data Server icon. The default settings include the setup for a data server named DataServer1 connected to port 1100 for which the TCP_NODELAY socket flag is enabled and for which the default configuration file path is used. Open Access is enabled by default.

Creating New Data Server Processes

It is possible to configure multiple Data Server processes. To create a new process, do the following:

1. Enter a unique name in the Data Server field. (Checking the Disabled box disables this process.)

2. Either set the port by clicking the Port button and entering a port number that is not already being used in the services file or set the service name by clicking the Service button and entering the name of a service listed in the services file (include the Port setting that corresponds to the service name).

3. To prevent the automatic termination of a network socket connection during periods of inactivity, check the Keep Alive box to enable the SO_KEEPALIVE socket flag.

4. To prevent the buffering of unacknowledged send data until a full-size packet can be sent, check the TCP No Delay box to enable the TCP_NODELAY socket flag.

5. In Rev 5.0 and higher, the SSL checkbox enables Secure Sockets Layer. This option requires all clients using this data server connection to use SSL for encrypting the data going to and from the data server.

Note 1: All client configurations require SSL in the data server prefix as follows: /<server,ssl>/path.

Note 2: This SSL implementation protects the data from packet sniffing but may not protect the data from a "man in the middle attack" (a computer that pretends to be the data server, participates in the SSL key negotiation, decrypts and re-encrypts the data, and forwards it to the real data server). A "man in the middle attack" requires tampering with things like routers, DNS servers, DHCP servers, and wiring and is more difficult to accomplish than a packet-sniffing or eavesdropping attack.

6. The Allow Access checkbox enables or disables Windows NT user logon and controls how the Data Server accesses files on behalf of the remote user.

7. To enable logging to the event log, check the Enable Event Logging box.

8. To modify the path to the configuration file, enter the path in the Config File field or click the Browse button to locate the file.

To delete this Data Server process, click the Remove button. (This cannot be reversed via the Cancel button.)

Viewing the Event Log

To view the event log, do the following:

1. On the Start menu, select Programs.

2. Select Administrative Tools.

3. Select Event Viewer.

The NT Data Server logs to the Application Log (Log, Application Log) with the Source being PRO5SRV.

Starting the Data Server

1. In the Control Panel, double-click the Services icon to display the Services dialog.

To manually start the Data Server, click the PRO/5 Data Server service and click the Start button.

To set the Data Server to start automatically when the server is booted, click the PRO/5 Data Server service, and then click the Startup button. In the Startup section, click the Automatic button. To set the logon ID to an account other than the system account, click the This Account button and enter the user ID. Click OK to return to the Services dialog. To customize the configuration, see "Access Configuration."

2. Click the Start button.

Using the Data Server to Access Remote Files With Open Access

From the client, use the PRO/5 OPEN verb to access a remote file. For example, the following opens the /etc/passwd file on the accounts host server:

open (1) "/<accounts>/etc/passwd"

All controls that use pictures (image, imagelist, and tool buttons) use the standard file system OPEN, as does the printer device 'BITMAP' mnemonic. Cursors and icons use Windows APIs.

Using the Data Server to Access Remote Files Without Open Access

To support user authentication to NTDS 2.20 and beyond, a new User Definable Data Block (UDDB) must be populated before a connection (the first OPEN) is made to an NT Data Server.

UDDB is supported only from a Visual PRO/5 Client to an NT Data Server.

The UDDB can contain a simple string with a "user=" portion that overrides the default user id used by the Data Server, a "passwd=" section that allows for the specification of a password for authentication by the remote Data Server, and a "domain=" portion that would specify the domain to be used by the remote Data Server. Some examples are:

A$=STBL("!DSUDDB","user=janeb,passwd=dog,domain=basis")
A$=STBL("!DSUDDB","passwd=dog,domain=basis")
A$=STBL("!DSUDDB","passwd=dog")

From the client, use the PRO/5 OPEN verb to access a remote file. For example, the following opens the /etc/passwd file on the accounts host server:

open (1) "/<accounts>/etc/passwd"

All controls that use pictures (image, imagelist, and tool buttons) use the standard file system OPEN, as does the printer device 'BITMAP' mnemonic. Cursors and icons use Windows APIs.
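
The following Python script is an added example, not part of the original PRO/5 documentation. It scans client program text for the two client-side settings described above: a password written as a literal in the !DSUDDB string, and a data server prefix that lacks the ssl option from Note 1. The sample program lines, the P$ variable, and the assumption that UDDB fields are comma-separated with no escaping are constructed for illustration.

```python
import re

# Matches STBL("!DSUDDB","...") and captures the first UDDB string literal.
UDDB_RE = re.compile(r'STBL\(\s*"!DSUDDB"\s*,\s*"([^"]*)"', re.IGNORECASE)
# Matches a data server prefix in a string literal: "/<server[,options]>/path".
PREFIX_RE = re.compile(r'"/<([^>,"]+)((?:,[^>"]*)?)>/')


def parse_uddb(uddb):
    """Split a UDDB string such as 'user=janeb,passwd=dog' into a dict.
    Assumes comma-separated key=value fields with no escaping."""
    fields = {}
    for part in uddb.split(","):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip().lower()] = value
    return fields


def audit_source(text):
    """Return (line_number, finding) tuples for risky client-side settings."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in UDDB_RE.finditer(line):
            # A non-empty literal after passwd= means the secret is in the source.
            if parse_uddb(match.group(1)).get("passwd"):
                findings.append((number, "hard-coded UDDB password"))
        for match in PREFIX_RE.finditer(line):
            options = [o.strip().lower() for o in match.group(2).split(",") if o.strip()]
            if "ssl" not in options:
                findings.append((number, "no ssl in prefix for server " + match.group(1)))
    return findings


# Constructed sample program text (not from a real application).
SAMPLE = '''\
0010 A$=STBL("!DSUDDB","user=janeb,passwd=dog,domain=basis")
0020 OPEN (1)"/<accounts>/etc/passwd"
0030 B$=STBL("!DSUDDB","user=janeb,domain=basis,passwd="+P$)
0040 OPEN (2)"/<accounts,ssl>/etc/passwd"
'''

if __name__ == "__main__":
    for number, finding in audit_source(SAMPLE):
        print(number, finding)
```

Lines 0030 and 0040 of the sample produce no findings: the password is supplied from a variable at run time and the prefix requests SSL.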

Access Configuration

If Open Access is enabled (default), the Data Server will have the same access (on behalf of the remote user) as the account that started the Data Server. If Open Access is disabled, requiring that an NT User Logon operation be performed, the Data Server will have the same access as the remote user account.

The account that starts the NT Data Server and the remote user accounts require specific privileges to allow the user authentication (Open Access disabled) to work. Privileges can be set by starting the User Manager (Start->Administrative Tools->User Manager), selecting User Rights (from menu Policies->User Rights), checking the Show Advanced User Rights check box, selecting the appropriate User Right, selecting the Add button, and selecting the appropriate group/user.

The account that starts the Data Server requires the following privileges (the system account has these privileges by default):

Privilege          Display Name
SeTcbPrivilege     Act as part of the operating system.
SeAssignPrimary    Replace a process level token.
SeIncreaseQuota    Increase quotas.
SeServiceSid       Log on as a service.

The remote user account needs the following privilege:

Privilege          Display Name
SeBatchSid         Log on as a batch job.