Chapter 2: Network Services

Contents
- Names and Addresses
- HOSTS File
- LMHOSTS
- Domain Name System
- Windows Internet Name Service (WINS)
- SMB and CIFS
- Mail Services
- Dynamic Host Configuration Protocol
- Dynamic DNS
- Active Directory Basics
Names and Addresses
- A name (hostname) indicates what we seek.
- An address (IP address) indicates where it is.
- A route indicates how to get there.
Names and numeric addresses can be used interchangeably. Applications use IP addresses, but names are easier for humans to remember and to type correctly.
Names and Addresses
In most cases, hostnames and numeric addresses can be used interchangeably. A user can ping the PC at IP address 172.16.12.2 by entering
    C:\> ping 172.16.12.2
or by entering the hostname associated with that address:
    C:\> ping pooh.example.com
The system converts the hostname to an address before the network connection is made.
Names and Addresses
Two common methods are used to organize computer system names.
Flat namespace
- A single, simple name is used for each host.
- The hostname must be unique within the network.
- Example: once the name pooh has been assigned to a host, no other host on that network should be assigned that name.
Names and Addresses
Hierarchical namespace
- The network is subdivided into multiple named parts called domains.
- A hostname must be unique within its domain, but may be duplicated in other domains on the same network.
- Example: a host named pooh.example.com and another host named pooh.oreilly.com may exist within the same network, in this case the Internet.
Names and Addresses
Why a flat namespace is inadequate (1): limited name availability
A good computer name is short, easily remembered, and meaningful. In a flat namespace, all the good computer names are taken quickly, and you find yourself assigning essentially random names to your hosts.
Names and Addresses
Why a flat namespace is inadequate (2): centralized administration requirements
To keep names unique, a central authority must assign every hostname, which can be a slow and tedious process.
HOSTS File
- A simple text file that associates IP addresses with hostnames.
- On Windows Server 2003 systems it is located at %SystemRoot%\System32\Drivers\etc\hosts.
- Each entry contains an IP address followed by a list of hostnames associated with that address.
- Comments begin with #.
NetBIOS
- Every computer in a network running Microsoft operating systems has a unique NetBIOS name. A NetBIOS name is at most 16 characters long; Windows uses the first 15 for the name itself and reserves the 16th as a service suffix.
- NetBIOS names come in two forms: unique and group.
- NetBIOS names are easier to remember and more user-friendly than IP addresses.
- How to view NetBIOS names:
  Method 1: System Properties / Computer Name / Change / More.
  Method 2: Run / cmd, then nbtstat -n (lists the local machine's NetBIOS name table) or nbtstat -A <IP address> (lists the name table of another machine, given its IP address).

NetBIOS node types
The NetBIOS node type defines the method used to resolve NetBIOS names to IP addresses. It is stored as the NodeType value under HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters.

  Node type   Registry value   Description
  B-node      1                Broadcast: uses broadcasts to register and resolve NetBIOS names
  P-node      2                Point-to-point: uses only a WINS server to resolve NetBIOS names
  M-node      4                Mixed: combines B-node and P-node; broadcast (B-node) is tried first
  H-node      8                Hybrid: combines P-node and B-node; WINS (P-node) is tried first
LMHOSTS (LAN Manager hosts)
- Maps NetBIOS names to IP addresses.
- Located in %SystemRoot%\system32\drivers\etc.
- Each entry contains an IP address and one NetBIOS name associated with that address.
- As in HOSTS, comments begin with #. LMHOSTS additionally recognizes keywords written after #, so a HOSTS-style parser simply treats them as comments. These keywords have no equivalent in the HOSTS file:
  #PRE           The entry is preloaded into the NetBIOS name cache and permanently retained there, which speeds up resolution of frequently used names.
  #DOM:domain    Identifies a Windows domain controller that can validate network logon requests.
  #INCLUDE file  Specifies a remote file that should be incorporated into the local LMHOSTS file.
- Reload LMHOSTS into the name cache with the command nbtstat -R.
- nbtstat -c shows the entries that are currently cached.
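The two file formats above are close enough to share one parser. The following is an added example written for this page (it is not code from the slides or from Windows): it parses HOSTS and LMHOSTS text, honours the #PRE, #DOM: and #INCLUDE keywords in LMHOSTS, applies the resolver's first-match rule, and reports a name that is mapped twice to different addresses, which is what a tampered or stale entry looks like during an investigation. The sample file contents are constructed for the example; the dataclass and function names are the example's own.

```python
import ipaddress
import re
from dataclasses import dataclass, field


@dataclass
class Entry:
    ip: str
    names: list             # HOSTS: one or more hostnames; LMHOSTS: exactly one NetBIOS name
    line: int
    preload: bool = False   # LMHOSTS #PRE
    domain: str = None      # LMHOSTS #DOM:domain


@dataclass
class ParseResult:
    entries: list = field(default_factory=list)
    includes: list = field(default_factory=list)   # LMHOSTS #INCLUDE targets
    warnings: list = field(default_factory=list)


def parse_hosts(text, lmhosts=False):
    """Parse HOSTS (lmhosts=False) or LMHOSTS (lmhosts=True) text.

    The resolver takes the first matching line, so a later line that maps an
    already-seen name elsewhere is reported: that is what a tampered or stale
    HOSTS entry looks like.
    """
    result, first_ip = ParseResult(), {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Whole-line comment. LMHOSTS hides #INCLUDE here; HOSTS ignores it.
            m = re.match(r"#INCLUDE\s+(\S+)", line, re.IGNORECASE)
            if lmhosts and m:
                result.includes.append(m.group(1))
            continue
        body, _, tail = line.partition("#")      # tail holds trailing comment / keywords
        fields = body.split()
        if len(fields) < 2:
            result.warnings.append(f"line {lineno}: address without a name")
            continue
        ip, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            result.warnings.append(f"line {lineno}: invalid address {ip!r}")
            continue
        entry = Entry(ip=ip, names=names, line=lineno)
        if lmhosts:
            if len(names) != 1 or len(names[0]) > 15:
                result.warnings.append(
                    f"line {lineno}: LMHOSTS takes one NetBIOS name of at most 15 characters")
                continue
            for token in tail.split():           # e.g. "PRE #DOM:EXAMPLE"
                keyword = token.lstrip("#").upper()
                if keyword == "PRE":
                    entry.preload = True
                elif keyword.startswith("DOM:"):
                    entry.domain = keyword[4:]
        for name in names:
            key = name.lower()
            if key in first_ip and first_ip[key] != ip:
                result.warnings.append(
                    f"line {lineno}: {name} already maps to {first_ip[key]} (first match wins)")
            first_ip.setdefault(key, ip)
        result.entries.append(entry)
    return result


def lookup(result, name):
    """First-match lookup, the way the resolver reads the file."""
    for entry in result.entries:
        if any(n.lower() == name.lower() for n in entry.names):
            return entry.ip
    return None


# Constructed sample files for this example (not taken from any real system).
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
172.16.12.2     pooh pooh.example.com
172.16.12.3     piglet          # file server
10.0.0.9        pooh            # conflicts with line 3
300.1.1.1       bogus
"""

SAMPLE_LMHOSTS = """\
172.16.12.10    SRV1        #PRE #DOM:EXAMPLE
172.16.12.11    SRV2        #PRE
172.16.12.12    PRINTSRV
#INCLUDE \\\\SRV1\\public\\lmhosts
172.16.12.13    A-NAME-THAT-IS-TOO-LONG
"""
```

Running parse_hosts(SAMPLE_HOSTS) yields four entries and two warnings (the duplicate pooh and the invalid address); parse_hosts(SAMPLE_LMHOSTS, lmhosts=True) yields three entries, one #INCLUDE target, and a warning for the over-long name. When reviewing a suspect machine, diff the warnings and the first-match result for each name against what DNS returns.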
HOSTS vs. LMHOSTS
The original method of name resolution was simply to look up the hostname in a flat file called a host table. The file that contains TCP/IP hostnames is HOSTS, and the file that contains NetBIOS names is LMHOSTS. Now, however, both TCP/IP and NetBIOS support name servers. The database system used to translate TCP/IP hostnames to addresses is called the Domain Name System (DNS). The name server system used for NetBIOS names is the Windows Internet Name Service (WINS).
DNS
DNS, the Domain Name System, was introduced in 1984 for the Internet. It resolves (translates) domain names (hostnames) into IP addresses in TCP/IP networks. Example: en.wikipedia.org is translated into the IP address 66.230.200.100. DNS is often compared to the phone book of the Internet.
DNS hierarchy
The idea: distribute the responsibility for assigning domain names and mapping them to IP addresses by designating an authoritative server for each part of the namespace.
- Domain names are arranged in a tree, which is cut into zones; each zone is served by a designated name server.
- The domain namespace consists of a tree of domain names. Subtrees are divided into zones.
- A zone consists of a collection of connected nodes that are served authoritatively by an authoritative DNS name server.
- Each node or leaf in the tree has one or more resource records, which hold information associated with that domain name.
- A single name server can host multiple zones.
Domain Name System (DNS)
The namespace is organized into a hierarchy similar to a filesystem hierarchy, consisting of:
- the root domain;
- top-level domains (TLDs): geographic TLDs, one per country, identified by a two-letter code (vn, fr, uk, jp), and organizational TLDs, assigned by type of organization (com, edu, gov, mil, net, int, org).
Domain names and labels
- A domain name consists of one or more parts (labels), separated by dots.
- The rightmost label conveys the top-level domain. Each label to the left specifies a subdivision, or subdomain, of the domain to its right. Example: wikipedia.org is a subdomain of org; en.wikipedia.org is a subdomain of wikipedia.org.

Domain name servers
- The domain name system is served by a hierarchy of DNS servers.
- Each DNS server is authoritative for its zone: it publishes information about the domain names in that zone and about the name servers of any zones delegated below it.
- The hierarchy of DNS server control therefore matches the domain hierarchy.
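The label structure and delegation described above map directly onto the wire format of RFC 1035, in which every DNS message consists of a header followed by four sections (Question, Answer, Authority, Additional). The following is an added example written for this page, not code from the slides: it splits a name into labels, lists the zones a resolver walks from the root down, builds a query message, and parses it back, including the label-compression pointers that a malformed response can abuse to loop a careless parser. The domain names are the slide's own examples; the transaction ID and function names are the example's.

```python
import struct

TYPE_A, CLASS_IN = 1, 1
FLAG_RD = 0x0100            # recursion desired


def labels(name):
    """'en.wikipedia.org.' -> ['en', 'wikipedia', 'org']; the root is the empty label."""
    return [part for part in name.rstrip(".").split(".") if part]


def delegation_chain(name):
    """Zones walked from the root down, one delegation per label."""
    parts = labels(name)
    return ["."] + [".".join(parts[i:]) + "." for i in range(len(parts) - 1, -1, -1)]


def encode_name(name):
    """Wire form: one length byte per label, terminated by the zero-length root label."""
    out = bytearray()
    for part in labels(name):
        raw = part.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"label {part!r} must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    out.append(0)
    if len(out) > 255:
        raise ValueError("name longer than 255 bytes")
    return bytes(out)


def decode_name(data, offset):
    """Decode a (possibly compressed) name; returns (name, offset after the name)."""
    parts, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:         # compression pointer (RFC 1035 section 4.1.4)
            if end is None:
                end = offset + 2          # the name ends where the first pointer ended
            offset = struct.unpack_from("!H", data, offset)[0] & 0x3FFF
            hops += 1
            if hops > 16:                 # a pointer chain must not loop
                raise ValueError("compression pointer loop")
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        parts.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(parts) + ".", (end if end is not None else offset)


def build_query(name, qtype=TYPE_A, txid=0x1234):
    """Header + Question; Answer, Authority and Additional are empty in a query."""
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def parse_message(data):
    """Parse the header and the Question section; report the other section counts."""
    txid, flags, qdcount, ancount, nscount, arcount = struct.unpack_from("!HHHHHH", data, 0)
    offset, questions = 12, []
    for _ in range(qdcount):
        qname, offset = decode_name(data, offset)
        qtype, qclass = struct.unpack_from("!HH", data, offset)
        offset += 4
        questions.append((qname, qtype, qclass))
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),
        "recursion_desired": bool(flags & FLAG_RD),
        "questions": questions,
        "counts": {"answer": ancount, "authority": nscount, "additional": arcount},
        "offset": offset,               # where the Answer section would begin
    }
```

delegation_chain("en.wikipedia.org") returns the zones in the order a resolver consults them: the root, org., wikipedia.org., en.wikipedia.org.; each step is one of the delegations the slide describes. The hop limit in decode_name is the check a practitioner wants in any parser that accepts untrusted responses.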
WINS (Windows Internet Name Service)
NetBIOS over TCP/IP (NetBT) is the network component built into Windows that resolves NetBIOS names to IP addresses. Two resolution mechanisms exist:
a) broadcast;
b) a WINS server.
The way to avoid broadcasting to ask for a computer's IP address is a server that stores the NetBIOS name and IP address of every computer in the network. This server is called the WINS server.
Components of a WINS system (figure): a WINS server holding the WINS database; WINS clients on Subnet 1 and Subnet 2; a WINS proxy.

How a WINS client registers and releases NetBIOS names (figure)
Name registration:
1. The client sends a name registration request to the WINS server.
2. The WINS server records the name and replies with a registration acknowledgement.
Name release:
1. The client sends a name release request.
2. The WINS server confirms the release.

How a WINS server resolves NetBIOS names (figure)
1. The client sends its name query to WINS server A, retrying three times if it receives no response.
2. If server A never answers, the client tries each of its other configured WINS servers (server B) until one responds.
3. After a successful lookup, the WINS server returns the result to the client.
Resolving a NetBIOS name
An h-node WINS client resolves a NetBIOS name to an IP address in the following order:
1. The client checks its local NetBIOS name cache.
2. If the name is not in the cache, the client sends a name query request to its WINS server. The request contains the NetBIOS name of the computer to be resolved. The WINS server returns the IP address that the WINS database maps to that name, and the client uses it to establish a session with the target computer.
3. If the WINS query fails, the client sends an IP broadcast packet containing the name query request. If the target computer is on the same subnet, it returns its IP address to the querying computer and a direct session is established.
4. If the broadcast also fails to return an IP address, the client examines its local LMHOSTS file. If the local LMHOSTS file contains an #INCLUDE statement pointing to a remote LMHOSTS file on a server, it examines the remote file as well.
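The following is an added example written for this page (not code from the slides or from Windows) covering the NetBIOS name slide and the h-node order just described. It pads a name to the 16-byte NetBIOS form with a suffix byte, applies the RFC 1001 first-level encoding that nbtstat and packet captures show as 32 characters A..P, and models an h-node client whose cache is preloaded from #PRE entries before WINS, broadcast and LMHOSTS are tried in turn. The WINS database, the hosts that would answer a broadcast, and the LMHOSTS contents are constructed dictionaries standing in for the network; the class and function names are the example's.

```python
SUFFIX_WORKSTATION = 0x00   # 16th-byte suffixes used by Windows for the workstation
SUFFIX_FILE_SERVER = 0x20   # and file server services


def netbios_name(name, suffix=SUFFIX_WORKSTATION):
    """Pad a name to the 16-byte NetBIOS form: 15 characters plus the suffix byte."""
    name = name.upper()
    if not 1 <= len(name) <= 15:
        raise ValueError("NetBIOS names are 1 to 15 characters")
    return name.ljust(15).encode("ascii") + bytes([suffix])


def first_level_encode(raw16):
    """RFC 1001 first-level encoding: each nibble becomes one character A..P."""
    if len(raw16) != 16:
        raise ValueError("expected 16 bytes")
    return "".join(chr(ord("A") + (b >> 4)) + chr(ord("A") + (b & 0x0F)) for b in raw16)


def first_level_decode(encoded):
    """Inverse of first_level_encode; returns (name, suffix)."""
    if len(encoded) != 32 or any(c not in "ABCDEFGHIJKLMNOP" for c in encoded):
        raise ValueError("expected 32 characters A..P")
    raw = bytes(((ord(encoded[i]) - 65) << 4) | (ord(encoded[i + 1]) - 65)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(), raw[15]


class HNodeResolver:
    """Resolution order of an h-node client: cache, WINS, broadcast, LMHOSTS.

    wins: the WINS database (None means the WINS server is unreachable).
    subnet: names that would answer a broadcast on the local subnet.
    lmhosts: the parsed LMHOSTS file; preloaded lists its #PRE names.
    """

    def __init__(self, wins, subnet, lmhosts, preloaded=()):
        self.wins, self.subnet, self.lmhosts = wins, subnet, lmhosts
        self.cache = {name.upper(): lmhosts[name] for name in preloaded}

    def resolve(self, name):
        """Return (ip or None, list of the steps that were tried)."""
        key, trace = name.upper(), []
        if key in self.cache:
            return self.cache[key], ["cache"]
        trace.append("wins")
        if self.wins is not None and key in self.wins:
            return self._remember(key, self.wins[key], trace)
        trace.append("broadcast")
        if key in self.subnet:
            return self._remember(key, self.subnet[key], trace)
        trace.append("lmhosts")
        if key in self.lmhosts:
            return self._remember(key, self.lmhosts[key], trace)
        return None, trace

    def _remember(self, key, ip, trace):
        self.cache[key] = ip            # a successful answer is cached for later lookups
        return ip, trace
```

Two points the trace makes visible: a #PRE entry never leaves the cache, so it is answered before WINS is even asked; and when the WINS step fails the client falls through to broadcast, where it accepts whichever host answers first without any authentication of the reply, which is why NetBIOS name spoofing on a local subnet is effective whenever WINS is absent or unreachable.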
WINS replication
WINS replication is the process of copying the WINS database from one WINS server to another when changes occur (figure: WINS server A on Subnet 1 and WINS server B on Subnet 2, each with its own clients).

How the push mechanism works
The WINS server notifies the other WINS servers that its database has changed. Push replication suits links with plenty of bandwidth.
1. 50 changes occur in WINS server A's database (the configured update-count threshold).
2. WINS server A sends a notification request to WINS server B.
3. WINS server B requests replication.
4. WINS server A acknowledges, sends the replicas, and synchronization begins.

How the pull mechanism works
The WINS server requests database changes on a configured schedule. Pull replication suits links with limited bandwidth.
1. WINS server B is configured to request changes from WINS server A at a fixed interval, for example every 8 hours.
2. WINS server A sends the replicas and synchronization begins.
SMB and CIFS
NetBIOS networks have traditionally been used for file and printer sharing. The Windows file and printer sharing protocol is the Server Message Block (SMB) protocol. For Microsoft Windows NT 4.0, Microsoft extended and updated SMB and rechristened it the Common Internet File System (CIFS).
- Server Message Block (SMB): Windows file and printer sharing carried over NetBIOS over TCP, using TCP port 139.
- Common Internet File System (CIFS): Microsoft's extended and updated SMB. It adds support for the Distributed File System (DFS) and can run directly over TCP without the NetBIOS session layer ("direct hosting", called "Self Host" in the original slide), using TCP port 445.
SMB and CIFS
Steps involved in sharing a file or printer using CIFS:
1. The client resolves the server name to an IP address.
2. The client establishes a TCP connection to the server, on port 139 when NetBIOS is used or on port 445 when direct hosting is used.
3. The client and server then exchange the following messages (figure):
   Client                                        Server
   SESSION REQUEST (NetBIOS session, port 139 only) ->
   NEGOTIATE packet                              ->
                                                 <- NEGOTIATE REPLY (dialect, session parameters, authentication method)
   SESSION SETUP ANDX message                    ->
                                                 <- SESSION SETUP ANDX response carrying a new UID
   TREE CONNECT packet                           ->
                                                 <- TREE CONNECT RESPONSE carrying the TreeID (TID)
   Subsequent file access requests carry the UID and TID.
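The exchange above, modelled as a server-side state machine, is the following added example written for this page; it is not code from the slides or from any SMB implementation and sends nothing on the wire. It enforces the message order the figure shows (NetBIOS SESSION REQUEST only on port 139, then NEGOTIATE, SESSION SETUP returning a UID, TREE CONNECT returning a TID) and checks on every later request that the TID was issued to the presenting UID. The dialect string is the one SMB1 clients and servers actually negotiate; the shares, accounts, status names and class names are constructed for the example.

```python
import hmac
import secrets

NETBIOS_PORT, DIRECT_PORT = 139, 445


class SmbError(Exception):
    pass


class SmbServer:
    """Holds shares, accounts and the UID/TID tables shared by all connections."""
    DIALECT = "NT LM 0.12"              # SMB1 dialect negotiated by Windows NT 4.0 and later

    def __init__(self, shares, accounts):
        self.shares = shares            # share name -> {filename: bytes}
        self.accounts = accounts        # user -> password (demo only; real servers store hashes)
        self.sessions = {}              # uid -> {"user": str, "trees": {tid: share}}
        self._next_id = 0x0800

    def _alloc(self):
        self._next_id += 1
        return self._next_id


class SmbConnection:
    """One TCP connection; the methods mirror the packets in the figure."""

    def __init__(self, server, port):
        if port not in (NETBIOS_PORT, DIRECT_PORT):
            raise SmbError("SMB is carried on TCP 139 (NetBIOS) or 445 (direct hosting)")
        self.server, self.port = server, port
        self.state = "TCP_CONNECTED"
        self.uids = set()               # UIDs issued on this connection

    def session_request(self, called_name, calling_name):
        """NetBIOS SESSION REQUEST: required on 139, absent with direct hosting on 445."""
        if self.port != NETBIOS_PORT:
            raise SmbError("no NetBIOS session layer on port 445")
        if self.state != "TCP_CONNECTED":
            raise SmbError("SESSION REQUEST must be the first message")
        self.state = "NB_SESSION"
        return "POSITIVE SESSION RESPONSE"

    def negotiate(self, client_dialects):
        """NEGOTIATE: pick a common dialect and announce the security mode."""
        expected = "NB_SESSION" if self.port == NETBIOS_PORT else "TCP_CONNECTED"
        if self.state != expected:
            raise SmbError(f"NEGOTIATE not allowed in state {self.state}")
        if SmbServer.DIALECT not in client_dialects:
            raise SmbError("no common dialect")
        self.state = "NEGOTIATED"
        self.challenge = secrets.token_bytes(8)   # 8-byte challenge for the authentication step
        return {"dialect": SmbServer.DIALECT, "security_mode": "user-level",
                "challenge": self.challenge}

    def session_setup(self, user, password):
        """SESSION SETUP ANDX: authenticate and return a new UID."""
        if self.state not in ("NEGOTIATED", "SESSION_UP"):
            raise SmbError("SESSION SETUP requires a completed NEGOTIATE")
        stored = self.server.accounts.get(user)
        if stored is None or not hmac.compare_digest(stored, password):
            raise SmbError("STATUS_LOGON_FAILURE")
        uid = self.server._alloc()
        self.server.sessions[uid] = {"user": user, "trees": {}}
        self.uids.add(uid)
        self.state = "SESSION_UP"
        return uid

    def tree_connect(self, uid, unc_path):
        """TREE CONNECT: \\\\server\\share -> a new TID bound to this UID."""
        session = self._session(uid)
        share = unc_path.rstrip("\\").rsplit("\\", 1)[-1]
        if share not in self.server.shares:
            raise SmbError("STATUS_BAD_NETWORK_NAME")
        tid = self.server._alloc()
        session["trees"][tid] = share
        return tid

    def read_file(self, uid, tid, filename):
        """Later requests carry UID and TID; both are validated on every call."""
        session = self._session(uid)
        if tid not in session["trees"]:
            raise SmbError("STATUS_SMB_BAD_TID")   # TID was issued to a different session
        files = self.server.shares[session["trees"][tid]]
        if filename not in files:
            raise SmbError("STATUS_OBJECT_NAME_NOT_FOUND")
        return files[filename]

    def _session(self, uid):
        if uid not in self.uids:
            raise SmbError("STATUS_SMB_BAD_UID")
        return self.server.sessions[uid]


def smb_error(fn, *args):
    """Call fn(*args); return the status string it raised, or None on success."""
    try:
        fn(*args)
    except SmbError as exc:
        return str(exc)
    return None
```

The TID check in read_file is the one that matters in practice: a second user on the same TCP connection gets a different UID and must perform its own TREE CONNECT, because a TID is an authorization handle tied to the session that obtained it, not to the connection.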
Mail Services
Basic protocols:
- Simple Mail Transfer Protocol (SMTP): the TCP/IP mail delivery protocol.
- Post Office Protocol (POP): moves a user's mail from the server to the user's local mail reader.
- Internet Message Access Protocol (IMAP): provides the same basic service as POP and adds features to support mailbox synchronization.
- Multipurpose Internet Mail Extensions (MIME): extends the definition of what constitutes mail.
SMTP (Simple Mail Transfer Protocol)
- A reliable protocol responsible for delivering mail.
- A connection-oriented service.
- Runs over TCP, on port 25.

SMTP command set (figure)

SMTP
To illustrate how mail is delivered between systems, the SMTP commands can be typed by hand over telnet:
    telnet mail.example.com 25
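What the server on the other end of that telnet session does with each command is shown by the following added example, written for this page and not taken from the slides or any mail server. It implements the server side of the SMTP command sequence (HELO/EHLO, MAIL FROM, RCPT TO, DATA, RSET, NOOP, QUIT) with the three-digit reply codes of RFC 5321, undoes the dot-stuffing used to end a message, accepts the empty reverse-path used for bounces, and refuses to relay for any domain it is not responsible for, which is the check an open-relay test exercises. The hostname, local domain list and sample dialogue are constructed for the example.

```python
import re

ADDR = re.compile(r"^(FROM|TO):\s*<([^<>\s]*)>\s*$", re.IGNORECASE)


class SmtpSession:
    """Tracks the command sequence of one SMTP connection.

    States: INIT (before HELO/EHLO) -> READY -> MAIL (sender given)
    -> RCPT (at least one recipient) -> DATA (collecting the message).
    """

    def __init__(self, local_domains, hostname="mail.example.com"):
        self.hostname = hostname
        self.local_domains = {d.lower() for d in local_domains}
        self.state = "INIT"
        self.messages = []          # accepted (sender, recipients, body_lines)
        self._reset_envelope()

    def greeting(self):
        return f"220 {self.hostname} ESMTP service ready"

    def handle(self, line):
        """Process one client line; returns the server reply (None while in DATA)."""
        if self.state == "DATA":
            if line == ".":
                self.messages.append((self.sender, self.recipients, self.body))
                self._reset_envelope()
                self.state = "READY"
                return "250 OK: message queued"
            # RFC 5321 4.5.2: the client doubled a leading '.'; undo it.
            self.body.append(line[1:] if line.startswith(".") else line)
            return None

        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            if not arg:
                return f"501 Syntax: {verb} hostname"
            self._reset_envelope()
            self.state = "READY"
            return f"250 {self.hostname}"
        if verb == "MAIL":
            if self.state == "INIT":
                return "503 Error: send HELO/EHLO first"
            if self.state != "READY":
                return "503 Error: nested MAIL command"
            addr = self._address("FROM", arg)
            if addr is None:
                return "501 Syntax: MAIL FROM:<address>"
            self.sender = addr           # may be empty: the null reverse-path used for bounces
            self.state = "MAIL"
            return "250 OK"
        if verb == "RCPT":
            if self.state not in ("MAIL", "RCPT"):
                return "503 Error: need MAIL command"
            addr = self._address("TO", arg)
            if not addr:
                return "501 Syntax: RCPT TO:<address>"
            domain = addr.rpartition("@")[2].lower()
            if domain not in self.local_domains:
                # Not one of our domains and the client is not authenticated: no relaying.
                return "554 5.7.1 Relay access denied"
            self.recipients.append(addr)
            self.state = "RCPT"
            return "250 OK"
        if verb == "DATA":
            if self.state != "RCPT":
                return "503 Error: need RCPT command"
            self.state = "DATA"
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "RSET":
            self._reset_envelope()
            if self.state != "INIT":
                self.state = "READY"
            return "250 OK"
        if verb == "NOOP":
            return "250 OK"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        return "502 Command not implemented"

    def _reset_envelope(self):
        self.sender, self.recipients, self.body = None, [], []

    @staticmethod
    def _address(keyword, arg):
        m = ADDR.match(arg)
        return m.group(2) if m and m.group(1).upper() == keyword else None


def transcript(session, client_lines):
    """Run a scripted client against the session; returns the 'C:'/'S:' log."""
    log = ["S: " + session.greeting()]
    for line in client_lines:
        log.append("C: " + line)
        reply = session.handle(line)
        if reply is not None:
            log.append("S: " + reply)
    return log
```

transcript(SmtpSession({"example.com"}), [...]) produces the same line-by-line dialogue a telnet session to port 25 shows, which makes it a convenient way to check what a relay test (RCPT TO a foreign domain) should be answered with before pointing the test at a real server.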
POP
Two versions of the Post Office Protocol are widely used: POP2 and POP3. POP2 uses port 109; POP3 uses port 110. The commands of the two protocols are not the same, but both perform the same basic function: verify the user's login name and password, and transfer the user's mail from the server to the user's local mail reader.

POP
- Client: the POP implementation in the Outlook mailer.
- Server: the POP implementation in the mail server role available through the Windows Server 2003 Configure Your Server wizard.

POP
A POP3 session can likewise be illustrated by typing the commands over telnet:
    telnet mail.example.com 110

POP3 command set (figure)
IMAP (Internet Message Access Protocol)
- IMAP4 (and the older IMAP2) use TCP port 143.
- Port 220 is used by IMAP3.
MIME
MIME is an extension of the original TCP/IP mail system, not a replacement for it. MIME is more concerned with what the mail system delivers than with the mechanics of delivery. The structure of the mail message carried by SMTP is defined in RFC 822; MIME extends RFC 822 in two areas:
- Support for various data types. RFC 822 only transfers 7-bit ASCII data; MIME adds the Content-Type header (what kind of data the body holds, including its character set) and the Content-Transfer-Encoding header (how the data was encoded to fit into 7-bit ASCII).
- Support for complex message bodies (multipart messages).
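The following added example, written for this page with the Python standard library rather than taken from the slides, shows both MIME extensions in one message: a text part whose non-ASCII character forces a charset and a quoted-printable transfer encoding, a binary attachment that base64 turns into 7-bit data, and the multipart/mixed body that holds them. It then parses the wire bytes back and checks that every byte fits the 7-bit channel RFC 822 assumed. The addresses, text and attachment bytes are constructed for the example.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed sample content: non-ASCII text plus an 8-bit binary attachment.
TEXT = "Xin chào Bob,\nattached is the report.\n"
BINARY = bytes(range(256))


def build_message():
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Report"
    # 'à' is not 7-bit ASCII, so the body needs a charset and a transfer encoding.
    msg.set_content(TEXT, charset="utf-8", cte="quoted-printable")
    # Adding an attachment turns the message into multipart/mixed; bytes get base64.
    msg.add_attachment(BINARY, maintype="application", subtype="octet-stream",
                       filename="report.bin")
    return msg


def is_seven_bit(data):
    """True if every byte fits the 7-bit channel of RFC 822 mail transport."""
    return all(b < 0x80 for b in data)


def describe(raw):
    """Parse the wire bytes back and list what each leaf part declares."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        parts.append({
            "type": part.get_content_type(),
            "charset": part.get_content_charset(),
            "encoding": str(part.get("Content-Transfer-Encoding")),
            "filename": part.get_filename(),
            "payload": part.get_payload(decode=True),   # decoded back to the original bytes
        })
    return msg.get_content_type(), parts
```

The declared Content-Type is what a receiving client believes, not what the bytes are; when inspecting attachments, compare the payload returned by describe() against the declared type and filename rather than trusting either header.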
DHCP (Dynamic Host Configuration Protocol)
Used to control TCP/IP configuration from a central point.
Dynamic DNS
- Permits a DNS server to be dynamically updated by the DHCP server or by the client.
- Dynamic updates (RFC 2136) reuse the five-section DNS message format: the header plus the Zone, Prerequisite, Update and Additional sections, which take the place of the Question, Answer, Authority and Additional sections of an ordinary query or response.
- Microsoft integrates DHCP on both client and server with Microsoft DNS, WINS, and Active Directory.
Active Directory Basics
Active Directory has a hierarchical structure.
- Container: an object that can contain other objects. Examples: the Computers and Users containers.
- Domain: a logical collection of computers that includes at least one domain controller.
- Domain controller: stores a copy of the Active Directory database for its domain and runs specialized software that provides domain services and centralized management capabilities.
Active Directory Basics
- Domain naming: Windows 2000 and Windows Server 2003 domains are named using DNS-formatted names consisting of a name and an extension. If the organization has a registered DNS name it may choose to use that name as the name of a tree root domain in its Active Directory forest, but it does not have to.
- Tree: a hierarchical collection of domains that share a contiguous DNS namespace.
- Forest: composed of one or more Windows domains arranged in one or more trees. The forest is created when the first domain controller in the first domain of the forest is created. This first domain is called the forest root domain.
OU
- Active Directory domains may contain Organizational Units (OUs).
- OUs are containers that subdivide domains and are used to separate users and groups.
- An OU can contain objects such as users, groups and other OUs.
- A domain has a single default OU, the Domain Controllers OU, which by default contains every DC in the domain.

Site
- Sites represent the physical structure of the forest.
- A site is defined in Active Directory by identifying one or more IP subnets.
- A site can contain one or more DCs from a single domain and/or one or more DCs from multiple domains.
Active Directory Database Basics
- When a Windows server becomes a DC, the default Active Directory database is installed.
- Updates: a change made in Active Directory on one DC is replicated to the copies held by the other DCs and to the global catalog (GC) servers.
- The GC contains a forest-wide partial replica of the Active Directory database.
- The first DC of the forest is made a GC server.
DC (Domain Controller)
Some Active Directory data can only be managed by specific DCs in the forest. These roles are called operations masters:
- Schema master: controls management of schema objects.
- Domain-naming master: controls the addition or removal of domains in the forest.
- RID master: allocates a series of relative IDs (RIDs) to each DC in a domain.
- PDC emulator master: acts as the Windows NT Primary Domain Controller (PDC) when Windows NT 4.0 computers are domain members.
- Infrastructure master: updates references from its domain's objects to objects in other domains.
Authentication, Authorization, Trusts
- A user who needs to authenticate (prove identity) on the network must locate a DC in its domain.
- Authorization governs access to forest-wide resources: accounts in one domain can be assigned access to resources in another domain when that domain trusts the account's domain.

Authentication, Authorization, Trusts
Trusts in Windows 2000 and Windows Server 2003 domains are:
- Kerberos-style: Kerberos is the network authentication technique for users and computers in an Active Directory domain.
- Transitive: if a trust exists between domain A and domain B, and between domain B and domain C, then domain A also trusts domain C.
- Two-way: if a trust exists between domain A and domain B, a trust also exists between domain B and domain A.
Group Policy Basics
Group Policy is used to deliver software installation and configuration settings to selected users and PCs with accounts in an Active Directory domain. It consists of:
- the Group Policy engine, which manages the interaction between the server-side elements of Group Policy and their local application;
- client-side extensions.
Group Policy Basics
Server-side elements:
- Group Policy Objects (GPOs): store configuration settings and are used to configure thousands of systems automatically. Two default GPOs exist: Default Domain Controllers Policy and Default Domain Policy.
- Resultant Set of Policy (RSoP): a tool to review the effect of proposed or actual Group Policy settings for specific computers and users. The resulting review is stored and can be examined later.
- Administrative tools.
Group Policy Basics
Process steps from GPO creation to application:
1. A GPO is created, edited, and linked to a site, domain, or OU object.
2. If a PC account resides within that object and the PC portion of the GPO is enabled, the configuration settings are downloaded and applied at PC boot.
3. If a user account resides within that object and the user portion of the GPO is enabled, the configuration settings are downloaded and applied during logon.
4. Changes to GPO settings are periodically refreshed and applied without waiting for user logoff/logon or PC shutdown and restart.
5. The Security Settings configuration is reapplied periodically (every 16 hours) whether or not there are changes.
Group Policy Basics
GPOs that may affect a user or PC are applied in a top-down hierarchical fashion:
- First, any Group Policy settings in the local GPO are applied.
- Next those linked to the site object, followed by those linked to the domain, the OU, and any nested OU objects, until the container holding the account is reached.
- If a conflict exists between Security Settings or Administrative Template settings during the application of multiple GPOs, the setting in the GPO closest to the account wins.
- Where no conflict exists, all settings are applied cumulatively.
Group Policy Basics
Constraints and filters:
- Enabled/Disabled: the PC and/or user section of a GPO must be enabled in order for that section to be applied.
- Security filter: the user or PC account must have the Read and Apply Group Policy permissions on the GPO. By default, the Authenticated Users group has these permissions. However, a Group Policy administrator can configure the permissions so that only certain groups of PCs or users can apply the GPO.
- WMI filter: a Windows Management Instrumentation (WMI) filter can be used to prevent a GPO from being applied to computers that have specific characteristics detectable through WMI. WMI supports monitoring and management of system resources; a filter can detect whether a PC has a specific feature and block application of the GPO based on that information.
Group Policy Basics
- Block Inheritance: when a domain or OU has the Block Inheritance property, GPOs linked at higher levels of the GPO hierarchy are not applied.
- Enforced (No Override in Windows 2000): the GPO is applied regardless of any use of the Block Inheritance feature.
- Loopback: a policy that reapplies the user portion of the PC's GPO settings after the user-based policy has been applied. This means there is a consistent user policy in place on the computer. It is useful for kiosks and other publicly available PCs, where the privileges of the logged-on user should have no bearing on the application of Group Policy restrictions.
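The processing order, the conflict rule, the security filter, Block Inheritance and Enforced described over the preceding slides combine into one resolution procedure. The following is an added example written for this page (not code from the slides or from Windows) that implements it: GPOs are applied local, site, domain, OU, nested OU, with the later GPO winning conflicts and non-conflicting settings accumulating; a GPO whose Apply Group Policy permission the account's groups lack is skipped; Block Inheritance on a container discards non-enforced links above it; Enforced links survive the block and are applied last, with a higher-level Enforced link beating a lower one. The containers, GPO names and setting names are constructed for the example and do not describe a real domain.

```python
from dataclasses import dataclass, field


@dataclass
class GPO:
    name: str
    settings: dict                      # setting name -> value
    enforced: bool = False              # "Enforced" (No Override) on the link
    enabled: bool = True                # the relevant (computer or user) section is enabled
    apply_to: frozenset = frozenset({"Authenticated Users"})   # groups with Read + Apply Group Policy


@dataclass
class Container:
    name: str                           # "Local", a site, a domain or an OU
    gpos: list = field(default_factory=list)   # link order: first entry has highest precedence
    block_inheritance: bool = False


def applicable_gpos(path, account_groups):
    """GPOs in the order they are applied (later entries win conflicts).

    path[0] is the local GPO container, followed by site, domain, OU, nested OUs.
    """
    # The lowest container with Block Inheritance discards non-enforced links above it.
    block_from = max((i for i, c in enumerate(path) if c.block_inheritance), default=0)
    ordered, enforced = [], []
    for level, container in enumerate(path):
        # Link order 1 has the highest precedence, so it is applied last: walk in reverse.
        for gpo in reversed(container.gpos):
            if not gpo.enabled or not (gpo.apply_to & account_groups):
                continue                        # section disabled or filtered out by permissions
            if gpo.enforced:
                enforced.append((level, gpo))
            elif level == 0 or level >= block_from:
                ordered.append(gpo)             # the local GPO is not subject to Block Inheritance
    # Enforced links are applied after everything else; a higher-level enforced link is
    # applied last so that it wins over an enforced link further down.
    enforced.sort(key=lambda item: item[0], reverse=True)
    return ordered + [gpo for _, gpo in enforced]


def resolve(path, account_groups=frozenset({"Authenticated Users"})):
    """Resultant settings for an account in the last container of path, plus the GPO order."""
    result, applied = {}, []
    for gpo in applicable_gpos(path, account_groups):
        result.update(gpo.settings)             # last writer wins; other settings accumulate
        applied.append(gpo.name)
    return result, applied


# Constructed hierarchy for the example.
LOCAL = Container("Local", [GPO("Local Policy", {"ScreenSaverTimeout": 600})])
SITE = Container("HQ", [GPO("Site GPO", {"ScreenSaverTimeout": 900})])
DOMAIN = Container("example.com", [
    GPO("Default Domain Policy", {"MinimumPasswordLength": 8, "ScreenSaverTimeout": 300}),
    GPO("Security Baseline", {"AuditLogon": True, "RemoteDesktop": False}, enforced=True),
])
SERVERS = Container("Servers", [GPO("Server Hardening",
                                    {"MinimumPasswordLength": 14, "RemoteDesktop": False})])
WEB = Container("Web", [GPO("Web Servers", {"RemoteDesktop": True})])
```

resolve([LOCAL, SITE, DOMAIN, SERVERS, WEB]) applies Local Policy, Site GPO, Default Domain Policy, Server Hardening, Web Servers and finally the enforced Security Baseline, so RemoteDesktop ends up False even though the Web Servers GPO closest to the account set it to True. Marking the Servers OU with Block Inheritance removes the site and domain values but not the enforced baseline, which is the property an administrator relies on when a delegated OU owner must not be able to weaken a forest-wide control.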
Group Policy Basics
- Local GPO information is stored on the client computer in the %SystemRoot%\System32\GroupPolicy folder.
- Active Directory-based GPOs are stored partially in Active Directory and partially in the DC filesystem: the GPO properties are recorded in Active Directory, while the Administrative Template .adm files and the Security Settings .inf files are stored under %systemroot%\SYSVOL\sysvol\<domain>\Policies.