
E&PS Network Logon for Macintosh Users

One of a series of eclectic notes on how to do things on the UNM / E&PS network by Jim Connolly
(Revision date: 4-Jun-2003.)


Introduction

This document is for users of Apple Macintosh Systems who want to make use of the Earth & Planetary Sciences Local Area Network (hereafter referred to as the network). This document applies to all Mac operating systems prior to OS X (10). All Mac OS versions newer than 7.5 include TCP/IP (a.k.a. MacTCP). The OS versions 8.5+ and 9 use TCP/IP as their primary protocol, with Apple's older AppleTalk protocol as an alternative. On our (aging) Windows NT network, AppleTalk is still the most effective means of accessing File and Printer resources on our file and print servers. In general, you will find that MacOS 9+ is a good "classic" OS for Macs and provides functional and stable network access.

The new Mac OS X is really UNIX in Mac clothing, and as such requires a completely different approach to establishing network connections, particularly since our Mac services still use AppleTalk. I will revise this document when I have new information available.

Our Network uses Windows NT 4.0 as a networking operating system. It uses "Services for Macintosh" which enables volumes on the NT Server to be shared to the Macs on the network and lets them behave just like other shared Mac volumes. This facilitates centralized storage of data on a secure server which is backed up on a daily basis and also enables easy sharing of data between Macs and PCs since your data on the Mac volumes is also visible to you if you log in from a Windows system.

There are several sections to this help document: Section 1 "walks" the first-time user through setting up to log on. Section 2 explains how to use the chooser to connect to available network file and printer resources. Section 3 explains how to make network printer connections (including our color and B&W laser printers). Section 4 explains how Mac users should log off the network (by "trashing" their network folders). Other "help" documents on the EPS Web site (epswww.unm.edu/help) explain in some detail what resources (file storage, printers and software) are available on the network.

To set up properly, you will need the following:

Connecting to the Ethernet

Newer Macintosh systems (iMacs, Mac G-4 and newer Mac G-3 systems) include built-in 10/100 Ethernet adapters as part of the system. Older systems require that a network interface connector (or NIC) be purchased as an add-on for these systems -- if you need to purchase a NIC, you will need to contact an Apple dealer to purchase one. In general, if you have to purchase an add-on NIC, your system is probably too old to be of much use on the network, and it will probably cost more than it is worth.

To connect you will need to make sure the port in your office is activated, and acquire an Ethernet network cable as discussed above. With an installed NIC, active port and connected cable, you may activate your AppleTalk protocol over the Ethernet by going to the AppleTalk control panel and selecting "Ethernet" as the method to communicate with AppleTalk. Note: A significant limitation of the MacOS in older systems is the inability to use Local Talk (typically used by older systems for printing) and AppleTalk over Ethernet simultaneously. This means that while connected to the network, users of older Mac systems cannot print to local printers. This may be circumvented by printing to printers on our network or by printing to an Ethernet-connected printer, and is a major but unavoidable inconvenience. With all Mac OS versions beyond 8.1, this is not an issue.

After your system is communicating in AppleTalk to the network, you may proceed to the next sections.

Setting up MacTCP

Most Macintosh systems in the department will not be used as servers, and can therefore use automatically obtained IP addresses from UNM's CIRT instead of having a fixed IP address. For those rare systems needing a fixed IP address, contact Jim Connolly who will do what is required to get an IP address assigned to you. Some older MacOS versions (notably 7.x) will not do dynamic addressing successfully on our network and require fixed addresses. When you obtain the IP address, here is how you configure it:

  1. From Control Panels (on your Apple Menu) select MacTCP. You have a choice of connecting with "Ethertalk" or "Ethernet". Choose Ethernet, then enter your assigned IP address (of the form 129.24.###.###) in the box. After you have done that, click on the "More" button.
  2. In the detailed configuration box which pops up, enter the following: In the Gateway address box enter: 129.24.40.1. For the subnet mask, move the "slider" arrow until the subnet mask reads 129.24.248.0. If a "Broadcast" address is requested, enter 129.24.47.255. In the "Domain" column, enter the domain name unm.edu twice and in the IP address column (next to unm.edu) enter 129.24.8.1 and 129.24.8.4. All of the other entries will be default values which will work fine. When done, close the MacTCP dialog, save your changes and restart.

If using System 8.0 or newer, follow the steps below to set up the "automatic" MacTCP configuration:

  1. From Control Panels (on your Apple Menu), select TCP/IP.
  2. In the top box, make sure the "Connect via:" box shows Ethernet.
  3. In the "Setup:" box, select "Configure Using DHCP Server". All of the other boxes will show "will be obtained from server" except for the search domains box in which you should enter unm.edu.
  4. Close the TCP/IP dialog, saving your changes and restart.

After either of the above configuration methods is used, your TCP/IP connection to the network will be functional. This means that you will be able to use Web Browser software (Netscape or Internet Explorer) to browse the worldwide web and other kinds of Email and Internet software to access other Internet functions. Test your connection by starting your web browser and connecting to something. If you can connect to UNM's homepage (http://www.unm.edu) you are in good shape. To enable connection to EPS file servers, continue with the next steps.

Installing the Microsoft Authentication Protocol

(Note: This step has already been completed on the two iMacs in the computer lab. If you are using MacOS X, this step does not seem to be required -- apparently OS X includes the security module as part of the operating system and it does not need to be added.)

The (pre-OS X) AppleTalk network supports what are called "clear text" passwords; these are passed to other Macs in an unencrypted format. This does not provide acceptable security (since clear text passwords are not encrypted and may be "grabbed" by anyone monitoring network traffic). The first thing a Mac user must do is set their computer up to provide the server with user passwords in an encrypted format. This is a simple process:

  1. From the chooser, select the AppleTalk Icon. From the list of AppleTalk zones (lower left of the chooser dialog), choose the NORTHROP_2 zone. From the list of servers (right hand window of the chooser dialog), find EPS or EPS1, select it and click on OK.
  2. You are offered an option to connect as a registered user or as a guest. You can't connect as a registered user yet. Select Guest and click on OK.
  3. There should be volumes to choose from. Select the Microsoft UAM Volume (the others, COMMON and USERS, will either not be visible or will be "greyed out" on the list). Select it and click on OK. Do not use the "check" box or you will unnecessarily mount this volume every time you turn on your computer.
  4. A drive icon (a disk drive symbol with the Microsoft Windows flag symbol over it) will open on your desktop (All Macintosh volumes on our NT servers will show this symbol on your desktop with different labels underneath). Double-click on it to open it. It will contain a folder labeled Appleshare Folder. Open your local drive so that both the Appleshare Folder and the System folder on your local drive are visible on the desktop and drag the Appleshare Folder and drop it into the System folder. (This makes a copy of the MS UAM Volume on your system and gives your system the ability to deliver encrypted passwords over the network.)
  5. When this has been done restart your system. After restarting, your Mac should be ready to "AppleTalk" to the server.
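The difference between clear-text and encrypted logon described at the start of this section can be seen in a small simulation. This is an added example, not part of the original document and not the Microsoft UAM's actual algorithm: it uses a generic HMAC-SHA256 challenge-response, and the account name `jdoe` and all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Constructed sample account (not a real E&PS user). A real server would
# hold a derived key rather than the password itself.
ACCOUNTS = {"jdoe": b"ictsrdis"}

def key_for(password: bytes) -> bytes:
    """Key that client and server both derive from the password."""
    return hashlib.sha256(password).digest()

def cleartext_logon(user: str, password: bytes) -> bytes:
    """Clear-text method: the password itself travels in the message."""
    return user.encode() + b"\x00" + password

def new_challenge() -> bytes:
    """Server side: a fresh random value for every logon attempt."""
    return os.urandom(16)

def client_response(password: bytes, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the password without sending it."""
    return hmac.new(key_for(password), challenge, hashlib.sha256).digest()

def server_verify(user: str, challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the expected response and compare."""
    stored = ACCOUNTS.get(user)
    if stored is None:
        return False
    expected = client_response(stored, challenge)
    return hmac.compare_digest(expected, response)

def demo() -> dict:
    password = ACCOUNTS["jdoe"]
    wire_clear = cleartext_logon("jdoe", password)
    c1 = new_challenge()
    r1 = client_response(password, c1)
    wire_cr = b"jdoe" + c1 + r1   # everything a traffic monitor would see
    c2 = new_challenge()          # the next logon gets a different challenge
    return {
        "password_on_wire_clear": password in wire_clear,
        "password_on_wire_cr": password in wire_cr,
        "logon_ok": server_verify("jdoe", c1, r1),
        "replay_ok": server_verify("jdoe", c2, r1),
    }

if __name__ == "__main__":
    print(demo())
```

The captured response is still derived from the password, so this kind of scheme protects a well-chosen password on the wire but does not make up for one that is easy to guess.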

Routine Logons

On Windows and NT machines there is a definite logon and logoff process. Macintosh users log on to the network by connecting drives and printers through the "Chooser", and log off by dragging all network drives to the trashcan (or by shutting down the system). When your system starts or is running (with the Microsoft UAM installed), the following steps will get you logged on to network file resources:

  1. Select the Chooser on the Apple menu, and click on the AppleTalk icon, and select the NORTHROP_2 zone, then select the server EPS1.
  2. A box will pop up asking what type of logon method to use, either Apple or Microsoft Authentication. Select Microsoft Authentication and proceed.
  3. A list of Apple-accessible drives will appear. These will include at least the USER (with personal file "home" areas) and COMMON (for class-, lab- and research-related files and programs). There are several others with specific uses. Select the one you want and click on OK. You may select more than one to connect to by holding down the shift key as you select the drives. Do not attempt to automount drives by clicking on them in the check boxes since this method is not supported with encrypted passwords.
  4. You are asked for your Username and Password. Type them in the appropriate box and click on OK. The first time you logon you will need to enter your temporary password (the one on the small account confirmation form you got from Jim Connolly), and you will be immediately asked in a dialog box to enter your password again, and then select a new password and type it twice (to be sure you didn't make a typo). Remember to use the Tab key to move between fields. The MacOS allows a maximum of 8 characters for passwords. Your Username may be typed in upper or lower case or mixed characters, but your password MUST be typed exactly the same each time.
  5. You do not need to log on to all drives at the same time. To log onto a second server drive, repeat the process with the chooser outlined above. Since you are already "validated", you will only need to select your drive and don't need to reenter your password.

Important note about Passwords: Make your password something you can remember but is hard to guess. I find mnemonics of phrases are good. For instance, ictsrdis is a mnemonic for that famous Mad magazine proverb "It's crackers to slip rozzers dropsy in snyde". Passwords should be at least 7 characters in length -- anything less is too easy to guess by a random pattern generator. UNM's password generator for your Email account requires that you have at least one number embedded in your password, and won't allow passwords that don't have it. Computer hackers and security breaches are nontrivial problems on networks, so please use a good password.

After you logon, drive icons labeled USERS, COMMON (or whatever else you have opened) will appear on your desktop; these may be treated just like any other Mac drive.

Making Printer Connections

The NT operating system is very sophisticated about printers. As long as the printers are configured properly in the NT operating system, Mac users can print to non-Mac printers and vice-versa. There are several network printers available currently, and most of them begin with EPS followed by up to 5 letters that usually have something to do with its location. In some cases, special driver software will be needed to get the most out of a particular printer's capabilities -- see Jim Connolly if it has not already been set up on your system.

Users need to be logged on to the network (i.e., have connected to a network drive following the steps in Section 2 above) to connect to network printers. Failure to do this can sometimes result in unpredictable results and sometimes in failure to print your documents on the network printer. Connections to Network printers are made just like network drives:

  1. Open the Chooser from the Apple menu.
  2. Pick a printer icon. For the HP Printers, choose that driver if you have it. Apple Laserwriter will work for the B&W HP Laserjet 4M (EPS224AP) in the computer lab, and most other Postscript laser printers in the department. Apple LaserWriter 8 should be used for printing to the HP Color Laserjet 4500 (EPS224CL).
  3. Look for the printers in the list which pops up, and scroll down to find the printer(s) you want. Everyone in the E&PS Domain is allowed access to EPS224AP (the Laserjet 4M plus in the computer lab Rm 209), and EPS224CL (the HP Laserjet 4500 color printer in 209).
  4. If the printer is not behaving properly, use the setup printer button and have your Mac query the type of printer (Get Info button); this will usually cure most problems.
  5. After you have connected, your print jobs will be sent to the printer you have connected to. To change printers, repeat the process selecting another printer with the Chooser. Important Note: Some Macs are pickier than others about how they utilize printers. Some require a restart after selecting a new "default" printer to successfully process queued print jobs, and some do not. You will need to do some trial and error with your own system to see what is required for successful printing.

Logging Off the Network

If any of the following describes you, please read and understand this section:

When you are done working on the network, there are two ways to log off. If you shutdown, you are automatically logged off and all network connections are closed. If you leave the system running (as is usual in the Workstation Room), you must drag all of your network drives (the ones with the cute network drive icons) to the trash can.

Why? When you leave your computer connected to the network, you are leaving your files and resources available to anyone who sits down at the computer. It's sort of like leaving your keys in your car with the engine running and the doors unlocked. Your work might be there as you left it, but you sure can't count on it.

Users should never give other users their account names and passwords, because access to resources is by username. The purpose of the COMMON area is to allow groups of users access to the same data or programs. You may even give permission to particular users to access some areas of your own network folder without opening all of your data up to possible accidental modification or deletion. If someone you work with needs an account (i.e., undergraduate assistant, work study, etc.), talk to Jim Connolly who can see that they get one.