DOCSLIB.ORG

Windows Networking Design Implementation Guide Page 1 of 29

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Cisco- Windows Networking Design Implementation Guide Page 1 of 29 Windows Networking Design Help us help you. ÿþýüûý ùüøý ø÷öû Implementation Guide ýø ÿ Excellent ÿ Good Contents ÿ Average ÿ Fair Introduction ÿ Poor What Is Windows Networking? Domains versus Workgroups ÷öû ýø What Protocol Does It Use? ùýýøý ü üûý Dynamic IP Addressing What Is DHCP? ÿ Yes DHCP Scopes ÿ No DHCP Relay DHCP Options ýûøöû ù öùýýø Cisco DHCP Servers Name Resolution NetBIOS Name Cache Broadcasts LMHOSTS Windows Internet Name Service (256 character limit) Internet DNS øöüþ øüø Name Lookup Order öùüøö The Microsoft LAN Services Browser Name: NetBIOS Names The Startup Process Email: Finding a Computer Viewing the Network Neighborhood Subnet Browsing ÿþýü Broadcast Browsing across Subnets Browsing Any Domain with WINS Turning Off Broadcasts Scaling to Larger Networks Trusted Domains Single Domain Global Trust Master Domain Multiple Master Domains Replicating WINS Modem Access Dial-on-Demand Routing ISDN Access Adtran http://www.cisco.com/warp/public/473/winnt_dg.htm 3/23/2001 Cisco- Windows Networking Design Implementation Guide Page 2 of 29 Motorola BitSURFR Client Software CiscoRemote Lite Examples Example 1 Configuration of Cisco 4700 Router Configuration of Cisco 2511 Access Server Example 2 LMHOSTS Configuration on Claude (a Client in the Marketing Domain) LMHOSTS Configuration on mkt_PDC (Primary Domain Controller for the Marketing Domain) Configuration of Cisco 7500 Router Configuration of an AS5200 in a Stack Group Configuration of Cisco 700 Router Example 3 Configuration of a Cisco 1600 Example 4 Appendix A: Turning Off Broadcast Name Resolution When Using Windows for Workgroups 3.11 Windows 95/98 Windows NT 3.51 Windows NT Registry Entries Finding Rogue Browse Masters Appendix B: Configuring DNS Resolution of WINS Names The DNS Boot File The DNS File for domain.com Introduction The term "networking" covers a broad range of technologies, which, combined together, allow computers to share information. Networking components can be segmented into end-system applications, network operating systems, and networking equipment. A network operating system is software run on all interconnected systems. Examples include Novell NetWare, Sun's NFS (Network File System), AppleShare, and Microsoft's implementation of a network operating system commonly called Windows Networking. Windows Networking is now extensively deployed with millions of nodes. This design guide explains the basic concepts of Windows Networking and provides insight on how to design networks (LANs and WANs) to best utilize this operating system. The guide also explains protocols, naming, and scaling issues associated with Windows Networking. What Is Windows Networking? Windows Networking refers to the networking system shared by the software that comes with all the following Microsoft operating systems or servers: http://www.cisco.com/warp/public/473/winnt_dg.htm 3/23/2001 Cisco- Windows Networking Design Implementation Guide Page 3 of 29 ÿ Microsoft LAN Manager ÿ MS-DOS with LAN Manager client ÿ Windows for Workgroups ÿ Windows 95, 98, and ME ÿ Windows NT and 2000 Microsoft LAN Manager, the LAN Manager client for MS-DOS, and Windows NT 3.1 are not discussed in this document except in an historical context. Domains versus Workgroups Windows Networking has three concepts of a group of related computers- workgroups, domains and a domain hierarchy. Workgroups can be any logical collection of computers; any computer on the network can join an existing workgroup or create a new one. More formal entities, domains are created and managed by a primary domain controller (PDC) process that runs on a Windows NT or Windows 2000 server. A domain has security and administrative properties that a workgroup does not. Each domain must have at least one NT or 2000 server, which is responsible for the PDC process, user account information in the domain, and security within the domain. Windows Networking domains are not the same as Internet domain names as used by the Domain Name System (DNS). A domain hierarchy or Active Directory Hierarchy is a collection of domains organized into parent-child relationships. This convention, introduced with Windows 2000, enables easier searching through multiple domains in a single query (among other things). This hierarchy maps closely to a DNS namespace. What Protocol Does It Use? Prior to Windows 2000, Windows Networking used the NetBIOS protocol for file sharing, printer sharing, messaging, authentication, and name resolution. A pure Windows 2000 installation would require NetBIOS only for interoperability with earlier versions of Windows Networking using the flat NetBIOS namespace. NetBIOS is a session-layer protocol that can run on any of the following transport protocols: ÿ NetBEUI (NetBIOS over LLC2) ÿ NWLink (NetBIOS over Internetwork Packet Exchange [IPX]) ÿ NetBIOS over TCP (NBT) Although Microsoft recommends that clients use only one transport protocol at a time for maximum performance, this setup is only the default for Windows 2000. You should pick a protocol to use for your entire network, preferably TCP/IP, and then turn the other protocols off because the NetBIOS name service maintains information about computer names (a name space) separately for each transport. Name spaces do not interact with each other; each transport operates as a separate network. http://www.cisco.com/warp/public/473/winnt_dg.htm 3/23/2001 Cisco- Windows Networking Design Implementation Guide Page 4 of 29 NetBEUI (NetBIOS over LLC2) is the least scalable of the three protocols because it must be bridged. NetBEUI is included only to support very old services (for example, old versions of LAN Manager). NetBEUI does not require any client address configuration. There is no fixed limit to the number of Windows clients can have with NetBEUI, but it is common for this solution to run into performance problems as the number of clients in a single bridge group goes above 50 to 100 users. The flat topology and reliance on broadcasts does not scale, especially when traffic must traverse a WAN link. NWLink is recommended only for networks already running IPX that cannot be upgraded to use TCP/IP. Similar to NetBEUI, NWLink requires no client address configuration. NWLink uses IPX type-20 packets to exchange registration and browsing information. To forward type-20 IPX packets across Cisco routers, you must configure ipx type-20 propagation on each interface on every router on your network. It is recommended to utilize NetBIOS over TCP (NBT) for most networks, or anytime the network includes a WAN. Since NBT uses TCP/IP, each computer must be configured to use a static IP address, or to fetch an IP address dynamically with the Dynamic Host Configuration Protocol (DHCP). For ease of network administration, it is highly recommended to use DHCP; for optimum network performance, it is highly recommended to use a (Windows Internet Name Service) WINS server as well. A WINS server allows clients to get browsing information without having to broadcast requests everytime. There is a direct correlation between the number of broadcasts in a network and network performance; broadcasts are necessary for a network to function, but minimizing them can be critical. Cisco recommends that most customers use TCP/IP for Windows Networking. The bulk of this design guide focuses on designs using NBT. Dynamic IP Addressing What Is DHCP? Manually addressing TCP/IP clients is both time consuming and error prone. To solve this problem, the Internet Engineering Task Force (IETF) developed DHCP, the Dynamic Host Configuration Protocol. DHCP is designed to automatically provide clients with a valid IP address and related configuration information (see the section DHCP Options below). Each range of addresses that a DHCP server manages is called a scope. DHCP Scopes You must configure a range of addresses for every IP subnet where clients will request a DHCP address; each range of addresses is called a DHCP scope. You can configure a DHCP server to serve several scopes since the DHCP server or servers do not need to be physically connected to the same network as the client. If the DHCP server is on a different IP subnet from the client, then you need to use DHCP relay to forward DHCP requests to your DHCP server. DHCP Relay http://www.cisco.com/warp/public/473/winnt_dg.htm 3/23/2001 Cisco- Windows Networking Design Implementation Guide Page 5 of 29 DHCP relay typically runs on a router and the relay support is available on Windows NT Server version 4.0 and Windows 2000 Server. On Cisco 700 series routers, you can turn on DHCP relay with the set dhcp relay command. You can turn on DHCP relay on a Cisco IOS router by configuring ip helper-address with the address of the DHCP server on each interface that will have DHCP clients. The ip helper-address command forwards many other IP broadcasts, including DNS, Trivial File Transfer Protocol (TFTP), and NetBIOS name service packets. To forward only DHCP requests, see the following example configuration. For more information, see the "Configuring Broadcast Handling" section in the Network Protocols Configuration Guide, Part I. no ip forward-protocol udp tftp no ip forward-protocol udp dns no ip forward-protocol udp time no ip forward-protocol udp netbios-ns no ip forward-protocol udp netbios-dgm no ip forward-protocol udp tacacs ip forward-protocol udp bootpc ! interface ethernet 0 ip helper-address 172.16.12.15 interface ethernet 1 ip helper-address 172.16.12.15 DHCP Options In addition to its IP address, a DHCP client can get other TCP/IP configuration information from a DHCP server, including the subnet mask, default gateway, and DNS information. These pieces of information, called DHCP options, can be configured in the DHCP Manager on your Windows NT or Windows 2000 DHCP server. Figure 1: Microsoft's DHCP Manager http://www.cisco.com/warp/public/473/winnt_dg.htm 3/23/2001 Cisco- Windows Networking Design Implementation Guide Page 6 of 29 If your clients are using Windows Internet Name Service (WINS) for name resolution (discussed later), you should configure the address of the WINS server and the WINS node type.
Recommended publications
  • Windows Command Prompt Cheatsheet

    Windows Command Prompt Cheatsheet

    Windows Command Prompt Cheatsheet - Command line interface (as opposed to a GUI - graphical user interface) - Used to execute programs - Commands are small programs that do something useful - There are many commands already included with Windows, but we will use a few. - A filepath is where you are in the filesystem • C: is the C drive • C:\user\Documents is the Documents folder • C:\user\Documents\hello.c is a file in the Documents folder Command What it Does Usage dir Displays a list of a folder’s files dir (shows current folder) and subfolders dir myfolder cd Displays the name of the current cd filepath chdir directory or changes the current chdir filepath folder. cd .. (goes one directory up) md Creates a folder (directory) md folder-name mkdir mkdir folder-name rm Deletes a folder (directory) rm folder-name rmdir rmdir folder-name rm /s folder-name rmdir /s folder-name Note: if the folder isn’t empty, you must add the /s. copy Copies a file from one location to copy filepath-from filepath-to another move Moves file from one folder to move folder1\file.txt folder2\ another ren Changes the name of a file ren file1 file2 rename del Deletes one or more files del filename exit Exits batch script or current exit command control echo Used to display a message or to echo message turn off/on messages in batch scripts type Displays contents of a text file type myfile.txt fc Compares two files and displays fc file1 file2 the difference between them cls Clears the screen cls help Provides more details about help (lists all commands) DOS/Command Prompt help command commands Source: https://technet.microsoft.com/en-us/library/cc754340.aspx.
  • Data Link Switching: Switch-To-Switch Protocol

    Data Link Switching: Switch-To-Switch Protocol

    Network Working Group R. Dixon Request for Comments: 1434 D. Kushi IBM March 1993 Data Link Switching: Switch-to-Switch Protocol Status of this Memo This memo provides information for the Internet community. It does not specify an Internet standard. Distribution of this memo is unlimited. Abstract This RFC describes IBM's support of Data Link Switching over TCP/IP. The RFC is being distributed to members of the Internet community in order to solicit their reactions to the proposals contained in it. While the issues discussed may not be directly relevant to the research problems of the Internet, they may be interesting to a number of researchers and implementors. Any questions or comments relative to the contents of this RFC should be sent to the following Internet address: [email protected]. Table of Contents 1. Introduction..................................................................................................................................... 3 2. Overview ......................................................................................................................................... 3 3. Transport Connection ...................................................................................................................... 4 3.1. SSP Frame Formats......................................................................................................... 5 3.2. Address Parameters.........................................................................................................7 3.3. Message Types...............................................................................................................
  • Your Performance Task Summary Explanation

    Your Performance Task Summary Explanation

    Lab Report: 11.2.5 Manage Files Your Performance Your Score: 0 of 3 (0%) Pass Status: Not Passed Elapsed Time: 6 seconds Required Score: 100% Task Summary Actions you were required to perform: In Compress the D:\Graphics folderHide Details Set the Compressed attribute Apply the changes to all folders and files In Hide the D:\Finances folder In Set Read-only on filesHide Details Set read-only on 2017report.xlsx Set read-only on 2018report.xlsx Do not set read-only for the 2019report.xlsx file Explanation In this lab, your task is to complete the following: Compress the D:\Graphics folder and all of its contents. Hide the D:\Finances folder. Make the following files Read-only: D:\Finances\2017report.xlsx D:\Finances\2018report.xlsx Complete this lab as follows: 1. Compress a folder as follows: a. From the taskbar, open File Explorer. b. Maximize the window for easier viewing. c. In the left pane, expand This PC. d. Select Data (D:). e. Right-click Graphics and select Properties. f. On the General tab, select Advanced. g. Select Compress contents to save disk space. h. Click OK. i. Click OK. j. Make sure Apply changes to this folder, subfolders and files is selected. k. Click OK. 2. Hide a folder as follows: a. Right-click Finances and select Properties. b. Select Hidden. c. Click OK. 3. Set files to Read-only as follows: a. Double-click Finances to view its contents. b. Right-click 2017report.xlsx and select Properties. c. Select Read-only. d. Click OK. e.
  • NETSTAT Command

    NETSTAT Command

    NETSTAT Command | NETSTAT Command | Use the NETSTAT command to display network status of the local host. | | ┌┐────────────── | 55──NETSTAT─────6─┤ Option ├─┴──┬────────────────────────────────── ┬ ─ ─ ─ ────────────────────────────────────────5% | │┌┐───────────────────── │ | └─(──SELect───6─┤ Select_String ├─┴ ─ ┘ | Option: | ┌┐─COnn────── (1, 2) ──────────────── | ├──┼─────────────────────────── ┼ ─ ──────────────────────────────────────────────────────────────────────────────┤ | ├─ALL───(2)──────────────────── ┤ | ├─ALLConn─────(1, 2) ────────────── ┤ | ├─ARp ipaddress───────────── ┤ | ├─CLients─────────────────── ┤ | ├─DEvlinks────────────────── ┤ | ├─Gate───(3)─────────────────── ┤ | ├─┬─Help─ ┬─ ───────────────── ┤ | │└┘─?──── │ | ├─HOme────────────────────── ┤ | │┌┐─2ð────── │ | ├─Interval─────(1, 2) ─┼───────── ┼─ ┤ | │└┘─seconds─ │ | ├─LEVel───────────────────── ┤ | ├─POOLsize────────────────── ┤ | ├─SOCKets─────────────────── ┤ | ├─TCp serverid───(1) ─────────── ┤ | ├─TELnet───(4)───────────────── ┤ | ├─Up──────────────────────── ┤ | └┘─┤ Command ├───(5)──────────── | Command: | ├──┬─CP cp_command───(6) ─ ┬ ────────────────────────────────────────────────────────────────────────────────────────┤ | ├─DELarp ipaddress─ ┤ | ├─DRop conn_num──── ┤ | └─RESETPool──────── ┘ | Select_String: | ├─ ─┬─ipaddress────(3) ┬ ─ ───────────────────────────────────────────────────────────────────────────────────────────┤ | ├─ldev_num─────(4) ┤ | └─userid────(2) ─── ┘ | Notes: | 1 Only ALLCON, CONN and TCP are valid with INTERVAL. | 2 The userid
  • DSU Routefinder Model MTASR2-201

    DSU Routefinder Model MTASR2-201

    LAN-to-LAN Routing for Central-Site and Branch Office Networks DSU RouteFinder Model MTASR2-201 User Guide User Guide 88301701 Revision B DSU RouteFinder (Model MTASR2-201) This publication may not be reproduced, in whole or in part, without prior expressed written permission from Multi-Tech Systems, Inc. All rights reserved. Copyright © 1998, 1999, by Multi-Tech Systems, Inc. Multi-Tech Systems, Inc. makes no representations or warranties with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, Multi-Tech Systems, Inc. reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of Multi-Tech Systems, Inc. to notify any person or organization of such revisions or changes. Record of Revisions Revision Description A Manual released; covers software revision 3.00. All pages at revision A. (11/3/98) B Manual revised to show E1 (2.048 Mbps) synchronous capability for WAN link; (11/30/99) also added new command cable. All pages at revision B. Patents This Product is covered by one or more of the following U.S. Patent Numbers: 5.301.274; 5.309.562; 5.355.365; 5.355.653; 5.452.289; 5.453.986. Other Patents Pending. TRADEMARK Trademark of Multi-Tech Systems, Inc. is the Multi-Tech logo and RouteFinder. Windows is a registered trademark of Microsoft Corporation in the United States and other countries. Multi-Tech Systems, Inc. 2205 Woodale Drive Mounds View, Minnesota 55112 (612) 785-3500 or (800) 328-9717 Fax 612-785-9874 Tech Support (800) 972-2439 BBS (612) 785-3702 or (800) 392-2432 Internet Address: http://www.multitech.com Contents Chapter 1 - Introduction and Description Introduction ......................................................................................................................................................
  • Open Directory Administration for Version 10.5 Leopard Second Edition

    Open Directory Administration for Version 10.5 Leopard Second Edition

    Mac OS X Server Open Directory Administration For Version 10.5 Leopard Second Edition Apple Inc. © 2008 Apple Inc. All rights reserved. The owner or authorized user of a valid copy of Mac OS X Server software may reproduce this publication for the purpose of learning to use such software. No part of this publication may be reproduced or transmitted for commercial purposes, such as selling copies of this publication or for providing paid-for support services. Every effort has been made to make sure that the information in this manual is correct. Apple Inc., is not responsible for printing or clerical errors. Apple 1 Infinite Loop Cupertino CA 95014-2084 www.apple.com The Apple logo is a trademark of Apple Inc., registered in the U.S. and other countries. Use of the “keyboard” Apple logo (Option-Shift-K) for commercial purposes without the prior written consent of Apple may constitute trademark infringement and unfair competition in violation of federal and state laws. Apple, the Apple logo, iCal, iChat, Leopard, Mac, Macintosh, QuickTime, Xgrid, and Xserve are trademarks of Apple Inc., registered in the U.S. and other countries. Finder is a trademark of Apple Inc. Adobe and PostScript are trademarks of Adobe Systems Incorporated. UNIX is a registered trademark of The Open Group. Other company and product names mentioned herein are trademarks of their respective companies. Mention of third-party products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the performance or use of these products.
  • Subject: What This App Note Is All About

    Subject: What This App Note Is All About

    OPERATOR INTERFACE PRODUCTS APPLICATION NOTE Subject: Setting Up a Dual Boot System AN 1024A Date: 7/16/96 Name: Irvin Hayes Jr Page: 1 of 2 Description: Dual Booting with Windows 95 and Windows 3.XX To install Windows 95 with dual-boot capabilities for MS-DOS, the computer must already be running version 5.x or 6.x of MS-DOS or PC-DOS and already have Windows 3.XX installed. Important In order to take advantage of the Windows 95 dual-boot capabilities, the entry BootMulti=1 must be set in the Windows 95 MSDOS.SYS file in the root directory To set up dual-boot capabilities for a new installation of Windows 95 • During Windows 95 Setup, when you are installing Windows 95 for the first time, make sure you specify a new directory that does not already have another version of Windows in it. Windows 95 Setup makes all of the necessary changes to preserve your existing version of MS- DOS, Windows 3.x, or Windows for Workgroups 3.x, and your current AUTOEXEC.BAT and CONFIG.SYS files. If you have already installed Windows 95 without dual-boot capabilities, you can follow these steps to allow MS-DOS to dual boot with Windows 95. However, you will not be able to dual boot with your previous version of Windows. To set up dual-boot capabilities after Windows 95 has been installed 1. On a bootable floppy disk that starts MS-DOS 5.0 or greater, rename the IO.SYS and MSDOS.SYS files on the disk to IO.DOS and MSDOS.DOS.
  • Introduction to Computer Networking

    Introduction to Computer Networking

    www.PDHcenter.com PDH Course E175 www.PDHonline.org Introduction to Computer Networking Dale Callahan, Ph.D., P.E. MODULE 7: Fun Experiments 7.1 Introduction This chapter will introduce you to some networking experiments that will help you improve your understanding and concepts of networks. (The experiments assume you are using Windows, but Apple, Unix, and Linux systems will have similar commands.) These experiments can be performed on any computer that has Internet connectivity. The commands can be used from the command line using the command prompt window. The commands that can be used are ping, tracert, netstat, nslookup, ipconfig, route, ARP etc. 7.2 PING PING is a network tool that is used on TCP/IP based networks. It stands for Packet INternet Groper. The idea is to verify if a network host is reachable from the site where the PING command issued. The ping command uses the ICMP to verify if the network connections are intact. When a PING command is issued, a packet of 64 bytes is sent to the destination computer. The packet is composed of 8 bytes of ICMP header and 56 bytes of data. The computer then waits for a reply from the destination computer. The source computer receives a reply if the connection between the two computers is good. Apart from testing the connection, it also gives the round trip time for a packet to return to the source computer and the amount of packet loss [19]. In order to run the PING command, go to Start ! Run and in the box type “cmd”.
  • Freeipa Global Catalog Challenges

    Freeipa Global Catalog Challenges

    FreeIPA Global Catalog challenges Samba XP - 2020 May 27 Alexander Bokovoy Florence Blanc-Renaud Red Hat / Samba team Red Hat Alexander: ● Samba team member since 2003 ● FreeIPA core developer since 2011 Florence ● LDAP server technology engineer since 2007 ● FreeIPA core developer since 2016 Samba: ● Andreas Schneider ● Isaac Boukris ● Simo Sorce 389-ds LDAP server ● Thierry Bordaz ● William Brown Thank you all! ● Mark Reynolds ● Ludwig Krispenz MIT Kerberos ● Greg Hudson ● Robbie Harwood ● Isaac Boukris ● Simo Sorce and many others Allow access to Active Directory resources for IPA users and services Frankenstein's Active Directory: for Linux clients, not Windows Uses 389-ds LDAP server, MIT Kerberos, and Samba NT domain controller code base to implement what Active Directory domain controller sees as a separate Active Directory forest ▸ LDAP schema optimized for Linux clients and POSIX identity management use cases ▸ Flat directory information tree for users, groups, and services ▸ No compatibility with Active Directory schema ▸ LDAP objects specific to POSIX environment use cases (SUDO rules, own access control rules, etc) ▸ KDC based on MIT Kerberos, native two-factor authentication and modern pre-authentication methods ▸ NetLogon and LSA pipes with enough support to allow AD DCs to interoperate via a forest trust ▸ Integrated DNS server and Certificate Authority It is not that simple... Global Catalog Entries LDAP is a communication protocol designed with flexibility and extensibility in mind ▸ Schema: ▸ Syntaxes ▸ Attribute types
  • TB-1052 Digital Video Systems

    TB-1052 Digital Video Systems

    IRIS TECHNICAL BULLETIN TB-1052 Digital Video Systems Subject: Installing and Running Check Disk on XP Embedded Systems Hardware: TotalVision-TS Software: IRIS DVS XPe Ver. 11.04 and Earlier (Including FX and non-FX Units) Release Date: 12/22/08 SUMMARY IRIS DVS units initially produced prior to January 1, 2009 may not have complete support for running chkdsk.exe even though the chkdsk.exe file exist in the Windows/System32 directory. This Technical Bulletin describes how to install and run the Check Disk (ChkDsk) utility to minimize file corruption problems and potential RAW Disk failures. INSTALLING SOFTWARE Several additional files are needed to be installed on the DVS hard drive. You can get a copy of these files at the IRIS Web Service Site www.SecurityTexas.com/service. Download the “Check Disk Upgrade” package and follow the instructions in the ReadMe file of that zip file on how to upgrade the files on the DVS. Once the files are copied to the hard drive, highlight the file “EVENTVWR.MSC” and then select “File- >Pin to Start Menu” to provide an easy way to access the Event Viewer. After the required software has been installed run Windows File Explorer and select the C:\BankIRIS_NT directory. Double-click on the AUTOCHECK.REG file. Answer YES in response to the two prompts to update the registry. Expert Mode: To verify that the registry changes were done you can select “Start->Run” and type in “RegEdit.exe” to run the Registry Editor. Select the key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Sesion Manager”. Select the key "BootExecute".
  • Freeipa 3.3 Trust Features

    Freeipa 3.3 Trust Features

    FreeIPAFreeIPA 3.33.3 TrainingTraining SeriesSeries FreeIPA 3.3 Trust features Sumit Bose, Alexander Bokovoy March 2014 FreeIPA and Active Directory ● FreeIPA and Active Directory both provide identity management solutions on top of the Kerberos infrastructure ● FreeIPA AD Trust feature is designed ● To give Active Directory users access to FreeIPA resources ● To allow FreeIPA servers and clients to resolve identities of AD users and groups ● FreeIPA AD Trust feature does not require ● Synchronizing accounts and passwords with AD ● Installing any software on AD domain controllers 2 FreeIPA 3.3 Training Series Cross-realm forest trust: FreeIPA and Active Directory ● FreeIPA exposes its own realm as an Active Directory- compatible forest ● Two Active Directory-compatible forests can trust each other ● As result: ● Active Directory users can access FreeIPA resources ● FreeIPA servers and clients can resolve identities of AD users and groups ● Access to FreeIPA is controlled by FreeIPA rules (HBAC, ...) for Active Directory users and groups ● All AD user and group management stays at AD side 3 FreeIPA 3.3 Training Series Active Directory → FreeIPA ● FreeIPA Kerberos infrastructure cannot be joined to Active Directory forest as a domain, only trusted as an Active Directory-compatible forest ● FreeIPA provides access to its own services to Active Domain's users by trusting Active Directory Kerberos infrastructure ● All FreeIPA access control decisions are done on FreeIPA side ● FreeIPA uses Kerberos trust by an Active Directory to perform LDAP
  • Zbigniew S. Szewczak Systemy Operacyjne

    Zbigniew S. Szewczak Systemy Operacyjne

    Zbigniew S. Szewczak Systemy Operacyjne Wykład 4 Sieciowe systemy operacyjne. Toruń, 2005 Terminy egzaminów ✦ piątek, 17.02.2006, g.12.00-14.00 ✦ ✦ niedziela, 5.03.2006, g.14.00-16.00 ✦ O czym będzie? ✦ Systemy sieciowe ✦ System sieciowy NFS ✦ System sieciowy SMB ✦ NetBIOS ✦ Protokół SMB/CIFS ✦ Funkcje Samby ✦ Struktura systemu Samba ✦ SMB w systemie Windows ✦ System sieciowy NCP Sieciowy system komputerowy ✦ Sieciowy system komputerowy jest tą częścią systemu komputerowego, która dziedziczy odpowiedzialność za komunikowanie się komputerów poprzez łącza ✦ sprzęt - medium transmisji danych, karta sieciowa, modem ✦ system operacyjny - implementacja protokołu (TCP/IP, NetBEUI, IPX/SPX ) w jądrze ✦sieciowy podsystem operacyjny : SMB, NFS, NCP ✦inne systemy : Andrew FS (IBM), Coda FS (CMU) ✦ programy użytkowe - przeglądarka WWW, telnet, ftp ✦ użytkownicy: zdalny komputer, osoba używająca ftp Sieciowe systemy operacyjne - modus operandi ✦ Sieciowy system operacyjny (ang. network operating system ) tworzy środowisko, w którym użytkownicy - świadomi wielości maszyn - uzyskują dostęp do zdalnych zasobów rejestrując się na odpowiednich zdalnych maszynach lub też użyczają zdalnie swoich lokalnych zasobów nadając im w tym celu na swojej maszynie stosowne uprawnienia do zdalnego dostępu ✦ zdalne zasoby: urządzenia we/wy (dyski, drukarki), procesory, pamięć operacyjna , (magistrala?) Sieciowe systemy operacyjne - modus procedendi ✦ Aby sieciowe systemy operacyjne mogły się komunikować potrzebne są sieci komputerowe ✦ Komunikacja w sieci komputerowej odbywa się na podstawie ściśle określonego zbioru reguł zwanego protokołem ✦ Sieciowy system operacyjny realizuje zwykle wiele protokołów komunikowania się ✦ Protokoły komunikowania się klasyfikujemy według modelu OSI lub TCP/IP Sieciowe systemy operacyjne - modus procedendi (c.d.) ✦ Problem sposobu komunikowania się ✦ model klient/serwer ✦ Peer-to-Peer (P2P) ✦ Protokoły sieciowe działają pomiędzy różnymi: ✦ architekturami komputerów ✦reprezentacja danych: kolejność bajtów, rozmiary danych (np.