4 x Working complete PC
Student CD-ROM, "Room 6359"
Student CD-ROM, "Windows 2000 Server Image"
Student CD-ROM, "NetWare 4.11 2-User Student Version"
The student will become familiar with:
The Novell NetWare 4.11 Server including,
How to install Client32 for NetWare 4.11,
How to create a User and a Group,
Integrating a Windows 2000 Domain to NDS including,
The installation of Gateway Services for NetWare on the Windows 2000 DC Server,
The configuration and creation of GSNW on the Windows 2000 DC Server.
The student will learn basic administrative tasks in the NetWare 4.11 (NDS tree) network environment. The student will learn how to install alternative network protocols on the Windows 2000 server and how to install and configure Gateway Services for NetWare on the Windows 2000 Server, allowing seamless and centralized integration of the NetWare 4.11 server's resources to the entire domain without having to install or configure anything on any domain client.
This module assumes that a Novell NetWare 4.11 server running the NDS tree named RM6360 is already up and running. The server is using only IPX/SPX and the tree contains at least one organization named MDC.
The network must also have a PC running Windows 2000 Advanced server with DHCP, DNS, and Active Directory installed. In this example the server's name is SVR10 and it runs the "domain10.com" domain. The server should only be using TCP/IP at the beginning of the exercise.
The network must have a PC running Windows 2000 Professional. This machine should already be joined to the domain.
The network must have a PC running Windows 98 on which Client32 version 3.4 has just been installed using only IPX/SPX.
At the Windows 98 PC, log on to the NetWare network as Admin:
Open Network Neighborhood > FS99 > SYS > PUBLIC. Click View > Details. Scroll down to the file named "Nwadmn3x.exe" and select it:
Open NetWare Administrator by pressing [Enter]. NetWare Administrator opens to the logon context within the tree (O=MDC):
Right click on the organization named MDC at the top and select "Create..." In the resulting window select "Group":
Click "OK" and in the resulting window name the group "NTGATEWAY" (no quotes!) then click the Create button:
The NTGATEWAY group should be directly assigned trustee rights to the volume that the Windows 2000 server will make available to all domain users. The Windows 2000 server logs into the NetWare NDS tree as a user in the tree, who must be a member of the group NTGATEWAY, and shares the NetWare volume to all users with that same set of rights. All members of the domain who log on to the domain will be able to browse the NetWare volume as if it were on the Windows 2000 server. As they browse the NetWare volume, the Windows 2000 server will request the information from the NetWare server through its own user account. Because it uses the same single account to service all requests for all users of the domain, all users will experience the same access rights. This defeats the ability to control access for each user (centralized security administration based on the user) and effectively makes the entire NetWare volume into a share-level accessed resource, so it is recommended to limit the gateway account to read-only and filescan rights.
At this point, right click on the NTGATEWAY group and select details. In the resulting window select "Rights to Files and Directories":
Click the Show button in the Volumes section of the window and in the resulting window select the FS99_SYS object then click OK:
With the FS99_SYS object now shown in the Volumes section of this window, click the Add button in the Files and Directories section and again choose the FS99_SYS object in the object browser and click OK. The previous open window now displays the object. Be sure that only the Read-Only and Filescan rights are checked in the boxes below it. Then click the OK button:
Right click the MDC organization and select "Create". In the resulting window choose "User". In the resulting window name the user "NWGATEUSER":
Once created, right click on the group NTGATEWAY and select details. In the resulting window click "Members":
Click the Add button and in the resulting object browser window, click on the user NWGATEUSER in the left window pane, then click the OK button:
The required group with the directly assigned rights now exists and a user account has been created and made a member of the group. Open the user's details and set the password to "nw411" (no quotes!), then log out and move to the Windows 2000 server to set up the Gateway Services for NetWare.
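The access model described above for the gateway account, as an added Python sketch that is not part of the original lab. The rights data is constructed, the direct grant in DRIFTED is hypothetical, and effective rights are simplified to the union of the account's own trustee assignment and its groups' assignments.

```python
# Added illustration; all data below is constructed, not exported from a server.
# NetWare file-system rights letters: S R W C E M F A.
GATEWAY_ALLOWED = frozenset("RF")  # Read and File Scan, the limit the lab recommends


def effective_rights(account, trustees, groups):
    """Simplified: union of the account's own trustee assignment and those of
    its groups (no inherited rights filters or security equivalence)."""
    rights = set(trustees.get(account, ""))
    for group, members in groups.items():
        if account in members:
            rights |= set(trustees.get(group, ""))
    return frozenset(rights)


def rights_via_gateway(domain_user, gateway_account, trustees, groups):
    """The NetWare server only ever sees the gateway account, so the identity
    of the domain user plays no part in the result."""
    return effective_rights(gateway_account, trustees, groups)


def excess_gateway_rights(gateway_account, trustees, groups):
    """Rights the gateway account holds beyond Read and File Scan."""
    return effective_rights(gateway_account, trustees, groups) - GATEWAY_ALLOWED


GROUPS = {"NTGATEWAY": {"NWGATEUSER"}}
AS_BUILT = {"NTGATEWAY": "RF"}                       # the lab's configuration
DRIFTED = {"NTGATEWAY": "RF", "NWGATEUSER": "RWCE"}  # hypothetical direct grant

if __name__ == "__main__":
    for user in ("userx", "Administrator"):
        print(user, sorted(rights_via_gateway(user, "NWGATEUSER", AS_BUILT, GROUPS)))
    print("as built:", sorted(excess_gateway_rights("NWGATEUSER", AS_BUILT, GROUPS)))
    print("drifted: ", sorted(excess_gateway_rights("NWGATEUSER", DRIFTED, GROUPS)))
```

The drifted case shows why a review has to look at the NWGATEUSER object as well as the NTGATEWAY group: a right granted directly to the user reaches every domain user through the share.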
Open My Network Places and open the Network Connections. Right click on the network interface card's connection and click properties:
With the properties sheet open click the Install button:
In the resulting window select "Protocol" then click the Add button:
In the resulting window select the "NWLINK IPX/SPX NetBIOS Compatible Transport Protocol" then click the OK button:
The component is included in the driver.cab file in the Windows system folders and will be installed. Once complete the NIC's property sheet is visible again. Scroll down and note the new components listed:
Click the Install button again and in the resulting window select "Client" then click the Add button:
In the resulting window select the only option shown "Gateway (and Client) Service for NetWare" and click the OK button:
Once this completes it will invite a reboot; click No. A NetWare logon screen opens. Select Default Tree and Context and fill them in where the tree is RM6360 and the context is O=MDC (that is a letter "O" for Organization):
Click the OK button, close the properties sheet, and continue refusing to reboot. Open Start > Programs > Administrative Tools > Active Directory Users and Groups. Create a new user named "NWGATEUSER" and give the user the password "nw411". Next, click on "Builtin" and double click "Administrators":
This properties sheet appears:
Click on the members tab and scroll down to the new account "NWGATEUSER" and double click it:
Click the OK button on the Administrators group properties sheet and create another user named userx with the password userx. Do not make this user a member of Administrators. Close Active Directory Users and Groups and click Start > Shut Down. Select "Log off Administrator":
Log back on as NWGATEUSER and open Start > Settings > Control Panel and select the "GSNW" applet:
Check that the user name is correct at the top of the properties sheet (NWGATEUSER) and that the tree and context are correct (Tree = RM6360 and the context is O=MDC) then click the Gateway button:
Although this window allows the user and password to be different from the account currently logged on to the Windows 2000 server, this apparently does not work well at all. Enter the user name "NWGATEUSER" and the password "nw411". This must be the user logged on to the server for the gateway to work well, and to log on at the server console itself this user must be a member of Administrators, which is why that was done earlier. Now click the Add button:
In this window, name the share "NWPUBLIC" and specify the path as "\\FS99\SYS". Note that the Novell server and the Windows server can negotiate this UNC network path with no problem, but the NetWare server and Windows 2000 server can ONLY negotiate UNC names to NetWare volumes and NOT directories within them:
Click OK and the share appears:
Close all windows properly (with the OK buttons and NOT the Cancel buttons) and go to the Windows 2000 Professional workstation PC.
Log on to the domain as userx. Open My Network Places and click the Entire Network link:
Click the Microsoft Windows Network icon:
Click the Domain10 icon:
Click the Svr10 icon:
The NWPUBLIC share is clearly visible. SVR10 is advertising it as if it were on the machine itself. Click it:
The contents of the NWPUBLIC share are displayed as if they came directly from SVR10. SVR10 retrieves the information from the NetWare server (remember that the NetWare server is running IPX/SPX only and cannot communicate with the Windows 2000 Professional workstation) and then delivers the information to the workstation. It is by definition a true Layer 7 gateway to the information on the NetWare server. Obviously this creates a lot of traffic, two complete deliveries of the same information across the Ethernet media, once to the server and then to the workstation, and should only be undertaken as a stopgap measure while converting from one set of servers to the other. The authentication server (the domain controller) should not be used as the GSNW gateway if this can be avoided. Instead a dedicated member server should be used to reduce traffic and workload on the server responsible for maintaining the domain security.
Copyright © 2000-2004 Brian Robinson ALL RIGHTS RESERVED