SYSTEM ADMINISTRATION
Chapter 16 Client Workstation Basics

Understanding Network Client Computers
• A network client computer can be defined simply as a computer that has the necessary hardware and software installed to allow it to connect to a network.
• Moreover, most network clients can also function as a server. A server serves, or provides a service to the other clients on the network.

Adapters
• Adapters are the pieces of hardware that allow the cable to connect to the computer.
• Once the hardware is installed, a piece of software known as a device driver is installed to allow the operating system to communicate with the hardware.
• Some of the more common adapters are:
  – Integrated Services Digital Network (ISDN) cards
  – Modems
  – Network interface cards (NICs)

Selecting and Installing Network Interface Cards (NICs)
• The most common type of adapter used in a networked computer is a network interface card (NIC).
• The NIC is a piece of hardware in the form of an expansion card that is installed inside the computer.
• When selecting a NIC for your network installation, your choice will be governed by the type of expansion slots that are available on the computer’s motherboard.

Network Software and Properties
• Network software generally falls into three broad categories: clients, protocols, and services.
• This software is installed on the client computer through the Network Properties dialog box.

Client Software
• Client software is installed on a computer to allow the computer to send requests to a server or another computer on the network.
• Client software, or just clients, are often referred to as “redirectors” because they have the ability to redirect requests for resources that are not located on the local machine.
• The most common network clients in use today are the clients for Microsoft and Novell networks.

Microsoft Client for Microsoft Networks
• The Microsoft Client for Microsoft Networks is installed automatically in Microsoft Windows operating systems whenever a network adapter installation is detected.
• The Microsoft client allows networked computers to communicate with other computers and servers in a Microsoft-based network.

Domain Configuration
• A Windows domain is a client-server network that uses Windows servers as domain controllers.
• The purpose of a domain controller is to handle network security, including users, groups, and resources.

Peer-to-Peer Configuration
• The procedures to join a workgroup are very similar to those for joining a domain.

Client for Novell Networks
• Most Microsoft operating systems include a client for Novell NetWare networks; however, it is generally preferable to use Novell’s client software.
• The Novell client software allows Windows workstations to access and use all of the services available on Novell NetWare servers running Novell Directory Services and ZENworks.

Troubleshooting Client Installation
• Since clients are software, problems are usually caused by configuration errors that manifest themselves during network logon.
• In Microsoft Networks, confirm the following information:
  – The computer is a member of the domain, if required, and that the domain name and computer name are spelled correctly.
  – The domain name specified in the client box is correct.
  – You are attempting to log on with a domain user name.
  – The password matches the user name and is spelled correctly.
  – Since passwords are case sensitive, ensure the Caps Lock key is not engaged.
• In Novell networks, check these items:
  – The client you are using is the most current.
  – The client you are using is compatible with the Novell network operating system and supporting components, such as Novell Directory Services and ZENworks.
  – The correct context is specified at the client.
  – The user name and password are correct.

Protocols
• Protocols can be defined as the rules or procedures computers use to communicate with each other.
• Each protocol must be installed on the computer and, depending on the protocol, some configuration may be required.
• Although a computer may have several protocols installed, each computer on the network must have at least one protocol in common.
• The most common protocols are NetBEUI, IPX/SPX, and TCP/IP.

NetBEUI
• The NetBEUI protocol has no configurable parameters. Once it is installed, it is ready for use.

Internet Packet Exchange/Sequenced Packet Exchange (IPX/SPX)
• The Internet Packet Exchange/Sequenced Packet Exchange (IPX/SPX) is the protocol used in Novell networks.
• IPX/SPX is a fully routable protocol that requires two configuration parameters.
  – Internal network number
  – Frame type

Internal Network Number
• The IPX internal network number uses a logical addressing format that is based on the machine’s MAC address.
• An IPX address contains two parts: the network address and the node address.
• The network address is determined by the network administrator and set on the server. The node portion of the address is the MAC address for the machine.

Frame Type
• The version of NetWare you are running and the additional protocols implemented on the network will determine which frame types must be enabled. All frame types are IEEE defined.
  – 802.3
    • This frame type is often referred to as 802.3 RAW. It is the default frame type setting for NetWare 3.12 and earlier versions.
  – 802.2
    • Later versions of NetWare (4.x and later) use this frame type. It is a fully IEEE-compliant encapsulation method.
  – ETHERNET_II
    • When providing interoperability with NetWare networks and TCP/IP, it is necessary to encapsulate the packets in an IPX-compatible format. This frame type was also used by DEC networks and AppleTalk Phase I (the original AppleTalk protocol) networks.
  – ETHERNET_SNAP
    • AppleTalk Phase II requires this frame type. It is a standard IEEE 802.2 frame with SNAP extensions.
• IPX/SPX is implemented in the Windows family of products as the NWLink Protocol.

Troubleshooting the IPX/SPX Protocol
• IPX/SPX is fairly easy to troubleshoot as it has only two parameters to configure: the network number and frame type.
• The network number should be obtained from the network administrator. Ensure that the number is entered correctly.
• Check the frame type to make sure the correct type is entered. If only one frame type is in use on the network, you may select the Auto Detect option.
• If more than one frame type is being used, you must manually select all frame types.

TCP/IP
• TCP/IP is not just one or two protocols, but a whole suite of protocols that can provide services and functions on the network.
• While a MAC address represents the physical network interface, an IP address represents a logical location on the network or internetwork.
• All nodes participating in a TCP/IP network must acquire a unique IP address to access services and communicate with other nodes.
• The information required to configure a computer to run the TCP/IP protocol depends upon the situation. If the computer will only communicate with computers on its own subnet, the following data is required:
  – IP address
  – Subnet mask
• If the computer will need to communicate outside of its own subnet, the following information is required:
  – IP address
  – Subnet mask
  – Default gateway
• If you wish to use friendly names instead of IP addresses when communicating, you will need to add IP addresses for WINS servers or DNS servers.
• The IP addressing parameters can be added to the client manually or automatically.

Dynamic Host Configuration Protocol (DHCP)
• Dynamic Host Configuration Protocol (DHCP) is used to dynamically, or automatically, assign Internet Protocol (IP) addresses whenever TCP/IP is being used on a network.
• DHCP consists of both a server and a client component. In order to assign TCP/IP addresses automatically, the DHCP Server Service must be installed on a server.
• Once the server component is installed, a scope, or range of addresses that may be assigned, and related parameters are developed.
• In order to configure a client to automatically accept addresses, the client must have the built-in ability to be a DHCP client.
• Once the computer has restarted, it will attempt to obtain an IP address using the following steps:
  – When a DHCP client powers up, it sends DHCPDISCOVER packets across the network.
  – All DHCP servers that receive this broadcast will respond with a DHCPOFFER. DHCPOFFER packets typically contain information such as:
    • IP address that is being offered
    • IP address lease time
    • Subnet Mask
    • Broadcast address
    • Routers on subnet
    • Domain name
    • Domain Name Server address
  – The client selects the offer it wants. Normally it selects the first DHCPOFFER received.
  – When the selected DHCP server receives the DHCPREQUEST, it replies to the client with an acknowledgement, or DHCPACK packet, which completes the DHCP transaction.

Troubleshooting the TCP/IP Protocol
• TCP/IP addressing is one of the most difficult concepts to learn in networking. Due to the complexities involved, addressing errors are common.
  – Ensure the IP address of the client is correct for the subnet the computer is located on.
  – The subnet mask must be appropriate for the IP address.
  – Use the PING utility to check the protocol stack on the device.
  – Use the PING utility to ensure the default gateway is functioning correctly.
  – Use the PING utility to check connectivity with sites beyond the default gateway.
  – Use the PING utility to ensure the DNS and WINS servers are functioning correctly.
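
The DHCPOFFER contents and the first two TCP/IP troubleshooting checks above can be combined in one audit routine. This is an added example, not part of the original slides: it parses a raw DHCPOFFER and reports addressing problems, and the function names, the sample addresses and the `known_servers` allow-list of expected DHCP servers are assumptions.

```python
from ipaddress import IPv4Address, IPv4Network

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that precedes the options
IP_OPTS = {1: "subnet_mask", 3: "routers", 6: "dns", 28: "broadcast", 54: "server_id"}

def parse_offer(pkt):
    """Pull the DHCPOFFER fields listed above out of a raw DHCP message."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    offer = {"offered_ip": IPv4Address(pkt[16:20])}   # yiaddr header field
    i = 240
    while i < len(pkt) and pkt[i] != 255:             # 255 = end option
        if pkt[i] == 0:                               # 0 = pad byte, no length
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        code, data = pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + len(data)
        if code in IP_OPTS and data and len(data) % 4 == 0:
            offer[IP_OPTS[code]] = [IPv4Address(data[j:j + 4]) for j in range(0, len(data), 4)]
        elif code == 51 and len(data) == 4:
            offer["lease_seconds"] = int.from_bytes(data, "big")
        elif code == 15:
            offer["domain"] = data.decode("ascii", "replace")
        elif code == 53 and len(data) == 1:
            offer["msg_type"] = data[0]               # 2 = DHCPOFFER
    return offer

def check_offer(offer, known_servers):
    """Return the addressing problems found in a parsed offer (empty list = clean)."""
    problems = [] if offer.get("msg_type") == 2 else ["not a DHCPOFFER"]
    if not set(offer.get("server_id", [])) & known_servers:
        problems.append("offer from unknown DHCP server")
    try:
        net = IPv4Network(f"{offer['offered_ip']}/{offer['subnet_mask'][0]}", strict=False)
    except (KeyError, ValueError):
        return problems + ["missing or invalid subnet mask"]
    if offer["offered_ip"] in (net.network_address, net.broadcast_address):
        problems.append("offered address is not a usable host address")
    problems += [f"router {r} is outside {net}" for r in offer.get("routers", []) if r not in net]
    return problems

def build_offer(ip, mask, router, server):
    """Constructed sample data: a minimal DHCPOFFER with made-up addresses."""
    p = lambda s: IPv4Address(s).packed
    opts = (bytes([53, 1, 2, 54, 4]) + p(server) + bytes([51, 4]) + (86400).to_bytes(4, "big")
            + bytes([1, 4]) + p(mask) + bytes([3, 4]) + p(router) + b"\xff")
    return bytes([2, 1, 6, 0]) + bytes(12) + p(ip) + bytes(216) + MAGIC + opts
```

An offer whose router lies outside the offered subnet, or whose server identifier is not on the allow-list, is worth investigating before the PING steps, because the client normally accepts the first offer it receives.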

Domain Name System (DNS)
• The Domain Name System (DNS) is used to resolve host or fully qualified domain names (FQDNs) to IP addresses.
• To configure a client to use DNS, the IP address of one or more DNS servers must be added to the computer’s TCP/IP properties.

Troubleshooting (DNS) Resolution
• At the client end, you are most likely to encounter DNS problems while trying to connect to a Web site by fully qualified domain name.
  – Check the physical connections of the workstation by opening the Network Neighborhood or My Network Places and browsing network resources.
  – In Network properties, ensure the IP address or addresses of the DNS servers are correct.
  – Use the PING utility to test connectivity to the DNS server or servers.
  – Try to connect to the Web site by typing the IP address of the Web site in the address block of the Web browser. If you can connect by IP address but not by fully qualified domain name, a DNS server problem is indicated. Contact the DNS server administrator.

Host Table Files
• Originally, a file called the host table was used to list all the resources and their IP addresses.
• The host file contains the mappings of IP addresses to host names.
• Each entry is the IP address followed by the name.

Understanding NetBIOS Names
• NetBIOS is an acronym that stands for Network Basic Input/Output System.
• NetBIOS is an application programming interface (API) that adds functions designed specifically for local area networks.
• In order to communicate on a NetBIOS network, each node needs to be identified by a unique name. In NetBIOS networks, names are used by each host.
• Every client computer in a Microsoft network is assigned a name, commonly referred to as a host name. That host name is considered a NetBIOS name.
• That name must contain 16 or fewer characters, and it may be letters or numbers.
• NetBIOS names may be resolved through broadcasts or through some other method, such as WINS or LMHosts files.

Windows Internet Name Service (WINS)
• There are three very important things to know about the Windows Internet Name Service (WINS).
  – First, WINS has absolutely nothing to do with the Internet.
  – Second, WINS applies only to Microsoft networks.
  – Finally, WINS is used to resolve NetBIOS names to IP addresses.
• WINS, like DNS, consists of a server and a client component. In order to use WINS, the WINS server service must be installed on a Windows server.

LMHosts
• The LMHosts file is a text file that contains static mappings of IP addresses to computer (NetBIOS) names.
• The LMHosts file can be used by Microsoft clients to assist with NetBIOS name resolution.
• Think of the LMHosts file as the manual version of WINS.
• Each Microsoft operating system contains a sample LMHosts file (LMHosts.sam) that can be modified as necessary and then saved as “LMHosts” without an extension.
• After the file has been created, save it to the %systemroot%\System32\Drivers\Etc directory.
• The following keywords or extensions can be used in the LMHosts file:
  – #PRE
  – #DOM:<domain>
  – #INCLUDE <filename>
  – #BEGIN_ALTERNATE and #END_ALTERNATE
  – \0xnn (nonprinting character support)

Services
• Network services provide functionality to the client computer.
• Some typical examples of network services are:
  – File and Print Sharing for Microsoft Networks
  – File and Print Sharing for Novell Networks
  – Remote Registry Service
  – QoS Packet Scheduler
  – Service Advertising Protocol (SAP)

Understanding Security
• In a network environment, some type of security or control is built into almost every function.

Local Security
• In computer networks, when you hear the word “local” think of the computer that you are sitting in front of.
• Therefore, when you hear the term “local security,” think of security that affects only the computer you are working at.
• Local security starts with the login process, typically a user name and password.
• It includes groups or roles, and file system security.

Logon and Role/Group Security
• Each operating system has different logon security requirements.
• The user account that you use to log on to the computer exists only on that computer because the account was created at that computer.

File System Security
• Some file systems, such as the new technology file system (NTFS), allow you to set permissions on files and folders.

Network Security
• Network security is very similar to local security in several aspects. For example, when logging on to a network, the user must supply a user name and password.
• Users can be controlled by groups and roles.
• The major differences are that the user accounts and groups are created at a server and not on the local computer.
• Therefore, when you log on, you must use a user name and password that were created at a server.

Troubleshooting Logon Security
• Ensure you are using the correct user name and password.
• Remember that passwords are case sensitive.
• In Microsoft networks, check the client to ensure you are attempting to log on to the correct domain.
• In Novell networks, ensure your tree and context are correct.

Troubleshooting Role/Group Security
• Roles determine the rights available to a user. When using roles, always ensure you have selected the proper role for the user.
• Users are typically assigned permissions to resources by groups. If a user appears to be in the correct group but still cannot access a resource, check these things:
  – Make sure the user is not in more than one group with conflicting permissions.
  – Normally, a setting of “No Access” overrides all other permissions. Make sure the user is not blocked from the resource or in a group that is blocked.
  – Ensure the user is logging on to the network and not the local workstation.

Troubleshooting File System Security
• File system security can conflict with security set at the share level. If you believe this is occurring, check permissions at both levels.
• When using both file and share permissions, the most restrictive permission applies.
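
The group and file-system rules from the last two slides can be checked mechanically when a user "appears to be in the correct group but still cannot access a resource". This is an added example, not part of the original slides: it is a simplified model of the rules as stated above (it does not read real Windows ACLs), and the level ordering, group names and permission lists are assumptions.

```python
LEVELS = ["No Access", "Read", "Change", "Full Control"]   # weakest to strongest

def resolve(acl, groups):
    """Combine one permission list (group -> level) over every group the user is in."""
    hits = {g: acl[g] for g in groups if g in acl}
    blockers = [g for g in hits if hits[g] == "No Access"]
    if blockers:
        # "No Access" on any one group overrides whatever the other groups grant.
        return "No Access", "blocked by No Access on " + ", ".join(blockers)
    if not hits:
        return "No Access", "none of the user's groups is listed"
    best = max(hits, key=lambda g: LEVELS.index(hits[g]))
    return hits[best], "granted through " + best

def effective_access(share_acl, file_acl, groups):
    """Most restrictive of the share-level and file-level results, with the reasons."""
    share, file = resolve(share_acl, groups), resolve(file_acl, groups)
    level = min(share[0], file[0], key=LEVELS.index)
    return level, {"share": share, "file": file}

# Constructed sample data (hypothetical group names and permission lists).
SHARE_ACL = {"Sales": "Full Control", "Staff": "Read"}
FILE_ACL = {"Sales": "Change", "Contractors": "No Access"}

if __name__ == "__main__":
    for groups in (["Staff", "Sales"], ["Staff", "Sales", "Contractors"]):
        print(groups, effective_access(SHARE_ACL, FILE_ACL, groups))
```

The reason strings show which level (share or file) and which group produced the result, which is the information the checks above ask you to gather by hand.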