NT 4.0 adds some new twists to a familiar component

Windows NT Server's Services for Macintosh integrates Macs with NT. Most enterprises have a few Macs that run applications ranging from graphics and illustration packages to word processing and relational databases. Services for Macintosh turns your NT server into a file-and-print server for those Macs: You can store Mac documents on your NT server and print them to an AppleTalk printer or server-attached printer via NT's print queues. To ease the integration of your AppleTalk and NT networks, Services for Macintosh also provides AppleTalk routing and Microsoft's encrypted authentication service.

Unfortunately, NT 4.0 does not provide a single interface for managing Services for Macintosh. Using a combination of Server Manager, File Manager (yes, it's still in NT 4.0), the Network Control Panel applet, a MacFile Control Panel applet, and optionally a command-line utility, you can configure all aspects of Services for Macintosh. File Manager is the only GUI utility where you can set Mac file associations. By default, the Start Menu does not reference File Manager when you install NT Server 4.0. To access File Manager, click Run from the Start Menu, enter winfile, and click OK. If you've already installed Services for Macintosh, you see a new menu option, MacFile, in File Manager, as in Screen 1. From this menu, you can configure aspects of the file system that Services for Macintosh uses.

From these utilities, you can install and configure Services for Macintosh and AppleTalk routing (Network Control Panel), create new Mac-accessible volumes (Server Manager and File Manager), set Mac application-specific file associations (File Manager), and see which Mac users are connected to your server and what files they have open (MacFile Control Panel applet). The MacFile Control Panel applet also lets you set some general service options for Services for Macintosh, such as which authentication method to use, how many users can connect to the server, and what name the server appears as on your Mac client's Chooser.

Let's examine the features of Services for Macintosh, how to install and configure file-and-print services (including AppleTalk routing and Microsoft authentication), and how to connect to an NT server from your Mac. I'll also review some rules about Mac file naming on NT servers, and how to keep it from getting ugly.

Services for Macintosh Features
Services for Macintosh provides file-and-print services to your Mac clients. With these services installed, your NT 4.0 server emulates an AppleShare server. To your Macs, your NT server is an AppleShare server. When you install Services for Macintosh, you see two new services in the Services Control Panel: File Server for Macintosh, which provides file services, and Print Server for Macintosh, which handles print serving functions to the Mac.

To provide Mac file services, you use Server Manager or File Manager to create Mac-accessible volumes on your NT server's hard drives. These volumes are NT folders that must exist on an NT File System (NTFS) partition that is accessible to both PC and Mac clients. Because Macs use different file permissions for AppleShare resources, Services for Macintosh includes options in both Server Manager and File Manager to manage these volumes and assign Mac-specific file permissions to NTFS files and folders.

Two configuration options support Mac printing services. The first is to use NT Server's printer utilities to capture a networked, AppleTalk-based Postscript printer. This option lets you spool print jobs from the NT Server print spooler. Most Macs run a local print spooler, so you need to disable this feature on your clients if you want NT Server to capture your AppleTalk printers.

The second print option lets you connect any printer to the serial or parallel ports of your NT Server. You can use this configuration to share the printer with both PC and Mac clients. If the printer doesn't use Postscript, the Macintosh Print Server will convert the job to the printing language the printer supports.

Installing File-and-Print Services
Anyone who's ever had to install and configure Novell NetWare for Macintosh NetWare loadable modules (NLM-an NLM is equivalent to an NT service) with its cryptic load commands, will love the speed at which you can get Services for Macintosh running on NT Server 4.0. All the GUI-based utilities are self-explanatory and include good context-sensitive Help.

In just a few steps, you can install Services for Macintosh, including configuring AppleTalk Phase 2 routing. From the Control Panel, select Services, and click Add. Scroll down the list, highlight Services for Macintosh, and click OK. When the system prompts you for the location of your NT Server distribution files, enter the location and click Continue.

After NT copies the appropriate distribution files, click Close in the Network dialog. The system updates the network bindings and prompts you to enter the default zone and routing information for the default network adapter installed on your server. Screen 2 shows the dialog for configuring this information. If you have multiple adapters installed, you need to configure each one for AppleTalk routing. If your NT Server connects to a network that has an AppleTalk router already defined, the system automatically locates the default zone for that network adapter. When you finish configuring Services for Macintosh, click OK and restart your server so the changes can take effect.

After you install Services for Macintosh, you can set up printers for your Mac clients. From the Start Menu, choose Settings, and select Printers. Double-click the Add Printer icon, select My Computer, and click Next. If you are installing the printer on the NT server's serial or parallel port, choose the appropriate port number and click Next. To capture a networked AppleTalk Printer, click Add Port, select AppleTalk Printing Devices, and click New Port.

A list of available zones appears. Double-click the zone where your AppleTalk printer resides. NT Server will scan the zone and return a list of all printers available. Select the printer to capture, click OK, and click Next to continue.

Choose the correct printer manufacturer and model, and click Next. Now you modify the printer name as it appears in your Windows-based applications, confirm the name, and click Next.

To share access to this printer with other Windows clients, enter a share Name and select the Windows platforms that need drivers. The system will prompt you to print a test page to verify connectivity to the printer.

Finally, the system prompts you to enter the path to your NT Server distribution files and copies the appropriate printer drivers to your server. The new printer now appears in the Printers windows.

AppleTalk Routing
NT Server 4.0 supports AppleTalk Phase 2 routing. When you install Services for Macintosh, the AppleTalk protocol installs and binds to any NICs on your server. Services for Macintosh supports Ethernet, Token Ring, Fiber Distributed Data Interface (FDDI), and LocalTalk network topologies. If you have Macintosh network on LocalTalk, a PC-based LocalTalk card lets you connect the network directly to your NT server. Check the Hardware Compatibility List for supported cards.

AppleTalk Phase 2 routing uses network number ranges to represent a segment (a physically contiguous network). With TCP/IP network addresses, this range corresponds to the network portion of an IP address. No two ranges can overlap on a given AppleTalk network--Figure 1 shows a network with two separate ranges. Two numbers separated by a dash (e.g., 10-15) can represent network ranges on an AppleTalk router such as NT Server. Network numbers can range from 1 to 65,279. This range tells the router which network addresses to advertise on the attached segment. When designing a large AppleTalk network, use as small a range as possible on each segment to conserve network address space.

Each network number can accommodate up to 253 node numbers. A node number corresponds to the host portion of an IP address. Mac nodes on an AppleTalk segment are dynamically assigned node numbers when they start. This combination of network number range and node number uniquely identifies an AppleTalk device to the network.

For example, if a given network segment has only 50 Mac nodes, you can use one network number, such as 10, represented as the range of 10-10. This representation means the network 10-10 can accommodate up to 253 nodes. If your network segment has 500 Mac nodes, you need more than one network number range. For example, 10-11 encompasses two 253-node address ranges.

AppleTalk's concept of zones lets you logically group AppleTalk resources. In LocalTalk-based networks, you can have only one zone per physical segment. Ethernet, Token Ring, and FDDI allow multiple zones on one segment. As you saw when installing Services for Macintosh, if a default zone definition exists on the segment connected to the NT server, the system automatically detects it. You can define new zones and new network ranges by setting up your NT server as an AppleTalk seed router.

NT Server as a Seed Router
For each physical AppleTalk network segment in your network, you must have one seed router. It provides the segment's network number range and default zone. If multiple AppleTalk routers are on a segment, only one needs to be a seed router. By double-clicking Services for Macintosh in the Services Control Panel, you can configure NT Server 4.0 as either a plain router or a seed router. Use the plain router configuration if you already have a seed router connected to the server on your AppleTalk segment. Configure the server as a seed router if no other seed routers are providing network number and zone information on the segment.

From the Mac's Perspective
After you install Services for Macintosh on your NT server, you can share file and printer resources with your Mac clients. First install the Microsoft User Authentication Module (UAM) to give your Macs the same level of security that NT affords its Windows-based clients.

UAMs
When you install Services for Macintosh, the installer creates a new Mac-accessible Microsoft UAM volume folder on your hard drive. The folder contains the Microsoft UAM file for installing NT security on Mac clients.

By default, when your Mac logs in to an NT server, the Apple UAM handles the logon process, which passes your username and password as clear text (i.e., not encrypted) to the server. This process is a potential security loophole because anyone watching with a network analyzer can easily capture the logon process. To prevent this breach, you can use the Microsoft UAM that comes with Services for Macintosh. The Microsoft UAM gives the Mac encrypted NT security during the logon process.

To install the Microsoft UAM on your Mac, click the Apple Menu, select Chooser, and click AppleShare. In the Select a File Server dialog, select your NT server from the list of available AppleShare servers for your zone, as in Screen 3, and click OK.

Enter an existing NT username and password to log on to the server. Select the Microsoft UAM volume from the list of Mac-accessible folders, and click OK. The system will mount the folder, which will appear on your desktop as a disk icon. Double-click the disk icon to open the folder--you see the AppleShare folder.

Open the AppleShare folder, and drag the Microsoft UAM file in this folder to the AppleShare folder in your Mac's System folder. If you don't have an AppleShare folder in the System folder, create one before copying the file. Restart your Mac.

Accessing NT Resources from the Mac
One of the best features of Services for Macintosh is that Mac users don't have to change their behavior. From the Apple Menu, they can select Chooser to access NT Server-based file folders and printers just as they do with any other AppleTalk resource. To connect to Mac-accessible folders on the server, users can simply click AppleShare in the Chooser window. A list of zones and available servers will appear. If you installed the Microsoft UAM, once you select the server to log on to, you get the option to use the standard Apple or Microsoft UAM. You then provide a username and password, as in Screen 4, defined on your NT server just as for any other NT user account. After the server authenticates you as a valid user, you see a list of Mac-accessible folders to mount. You can choose one or more folders and click a box on each to have the system auto-mount them at startup.

Printer connections are also simple to make. From the Chooser, click LaserWriter to see a list of available printers. Whether you've defined an AppleTalk printer on your NT server or configured a printer directly attached to the server, the printer will show up in the LaserWriter dialog. Remember, however, that you need to disable the local spooling function on each Mac client, so NT Server can spool printers it has captured. To disable the local spooling, turn off Background Printing on your Mac from the LaserWriter Chooser dialog.

Filenames and Associations
A big benefit of Services for Macintosh is that your PC and Mac clients can share folders and files when you define Mac-accessible folders on your NT server. However, you need to be aware of some file-naming limitations. Although NTFS partitions support filenames up to 256 characters long, the Mac file system can support only up to 31 characters, and DOS clients are limited to 8.3 filenames. As a result, Mac, DOS, and NT users sharing and accessing Mac-accessible folders on an NT server can cause confusion. NT addresses Mac filename limitations the same way it handles FAT-based clients. So if you store a file in a Mac-accessible folder with a filename longer than 31 characters, Services for Macintosh converts the filename for Mac clients: The file appears on the Mac with the first six characters, then a tilde (~), and a number. For example, the filename annual budget for the accounting department.xls becomes annual~1.xls. If you have another file called annual budget for the finance department.xls, it becomes annual~2.xls, and so on.

What to Watch For
Overall, Services for Macintosh in NT Server 4.0 is easy to install, easy to use, and relatively problem free. After you get past the myriad of overlapping utilities for controlling Services for Macintosh, you find integrating your Mac clients in your NT network easy.

If you have to modify any AppleTalk routing parameters after initially installing Services for Macintosh, you'll want to note one idiosyncrasy with the setup routine: After you change a routing configuration, such as changing the default zone, NT will prompt you to restart AppleTalk for the changes to take effect. Unfortunately, you can't just restart AppleTalk. If you try to stop the AppleTalk device from the Devices Control Panel, you get an error. The easiest solution is to restart NT Server for your changes to take effect.