Chapter 2: Network Services
Contents
- Names and Addresses
- HOSTS File
- LMHOSTS
- Domain Name System
- Windows Internet Name Service (WINS)
- SMB and CIFS
- Mail Services
- Dynamic Host Configuration Protocol
- Dynamic DNS
- Active Directory Basics
Names and Addresses
- name (hostname): indicates what we seek.
- address (IP): indicates where it is. Names and numeric addresses can be used interchangeably.
- route: indicates how to get there.
Names are easier to remember and to type correctly. Applications use IP addresses, but names are easier for humans to use.
Flat namespace
- Limited name availability: a good computer name is short, easily remembered, and meaningful. In a flat namespace, all the good computer names are taken quickly, and you find yourself assigning essentially random names to your hosts.
Hierarchical namespace
- A name is unique within a domain, but may be duplicated in other domains on the same network.
- For example, a host named pooh.example.com and another host named pooh.oreilly.com may exist within the same network, in this case the Internet.
HOSTS File
entry contains
NetBIOS
Used on Microsoft operating systems.
How to view the NetBIOS name:
- Method 1: Computer Name / Change / More.
- Method 2: Run / cmd / nbtstat -n (checks your own machine's NetBIOS name); nbtstat -a <IP of another machine> (nbtstat takes -A when you give an IP address rather than a NetBIOS name).
NetBIOS node types
The NetBIOS node type defines the methods used to resolve a NetBIOS name to an IP address.
Node type   Description                                                          Registry value
B-node      Uses broadcast to register and resolve NetBIOS names                 1
P-node      Uses only WINS to resolve NetBIOS names                              2
M-node      Combines B-node and P-node, with B-node (broadcast) as the default   4
H-node      Combines P-node and B-node, with P-node (WINS) as the default        8
LMHOSTS
Maps NetBIOS names to IP addresses.
Some features are not supported by the HOSTS file; LMHOSTS adds special keywords:
- #PRE: the entry is preloaded into the name cache and permanently retained there, which speeds up lookups for frequently used hostnames.
- #DOM:domain: identifies a Windows server that can validate network logon requests.
- #INCLUDE file: specifies a remote file that should be incorporated into the local LMHOSTS file.
Reload LMHOSTS with the nbtstat -R command.
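As an added example (not code from the original slides), the following Python parser reads the two file formats discussed above. The HOSTS layout it assumes (an address followed by one or more names, with '#' starting a comment) is the standard one the slides leave unstated; the LMHOSTS keywords #PRE, #DOM: and #INCLUDE are the ones described above. The two sample files are constructed for the example.

```python
import ipaddress

# Constructed sample HOSTS file (not from the page).
HOSTS_SAMPLE = """\
# constructed HOSTS file
127.0.0.1       localhost
10.0.0.5        fileserver  fileserver.example.test   # internal file server
10.0.0.9        www.example.test
"""

# Constructed sample LMHOSTS file (not from the page).
LMHOSTS_SAMPLE = """\
# constructed LMHOSTS file
10.0.0.5    FILESERVER   #PRE
10.0.0.2    DC01         #PRE #DOM:EXAMPLE
10.0.0.7    PRINTSRV
#INCLUDE \\\\DC01\\public\\lmhosts
"""


def parse_hosts(text):
    """Return {name.lower(): ip} for a HOSTS-style file; '#' always starts a comment."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # HOSTS has no '#keywords', so cut at '#'
        if not line:
            continue
        fields = line.split()
        ip = str(ipaddress.ip_address(fields[0]))  # raises ValueError on a malformed address
        for name in fields[1:]:
            table[name.lower()] = ip
    return table


def parse_lmhosts(text):
    """Parse LMHOSTS: '#' is a comment UNLESS it starts one of the special keywords.

    Returns (entries, includes): entries maps NetBIOS name -> {'ip', 'preload', 'domain'},
    includes lists the remote files named by #INCLUDE lines.
    """
    entries, includes = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.upper().startswith("#INCLUDE"):
            includes.append(line[len("#INCLUDE"):].strip())
            continue
        if line.startswith("#"):
            continue                               # ordinary comment line
        fields = line.split()
        ip = str(ipaddress.ip_address(fields[0]))
        name = fields[1].upper()                   # NetBIOS names are case-insensitive
        entry = {"ip": ip, "preload": False, "domain": None}
        for keyword in fields[2:]:
            if keyword.upper() == "#PRE":
                entry["preload"] = True
            elif keyword.upper().startswith("#DOM:"):
                entry["domain"] = keyword[5:].upper()
            elif keyword.startswith("#"):
                break                              # anything else after '#' is a comment
        entries[name] = entry
    return entries, includes


def preloaded_cache(entries):
    """Names that an nbtstat -R reload would place permanently in the NetBIOS name cache."""
    return {name: e["ip"] for name, e in entries.items() if e["preload"]}
```

Because both files are consulted before any network lookup, an unexpected entry in either one silently redirects a name; comparing the parsed tables against a known-good baseline is a cheap integrity check on a host.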
HOSTS vs LMHOSTS
The original method of name resolution was to simply look up the hostname in a flat file called a host table. The file that contains TCP/IP hostnames is HOSTS, and the file that contains NetBIOS hostnames is LMHOSTS. Now, however, both TCP/IP and NetBIOS support name servers. The database system used to translate TCP/IP hostnames to addresses is called the Domain Name System (DNS). The name server system used for NetBIOS names is the Windows Internet Name Service (WINS).
DNS
DNS is the domain name system, invented in 1984 for the Internet, used to resolve (translate) domain names (hostnames) into IP addresses on TCP/IP networks. Example: translating en.wikipedia.org into the IP address 66.230.200.100. DNS is often compared to the phone book of the Internet.
DNS hierarchy tree
Characteristics: the responsibility for assigning domain names and mapping them to IP addresses is distributed to authoritative servers. Domain names are arranged in a tree that is cut into zones, each managed by a specific server. The domain name space contains one domain name tree; subtrees are divided into zones. A zone contains a set of related nodes managed by an authoritative DNS nameserver.
Each node or leaf of the tree has one or more resource records holding information related to the domain name. A single namespace can own several zones.
The tree is organized as a hierarchy similar to a filesystem hierarchy, consisting of:
- the root domain
- top-level domains (TLD): geographic, one set aside for each country in the world (a 2-letter code: vn, fr, uk, jp); organizational: com, edu, gov, mil, net, int, org (based on the type of organization)
The rightmost label is the top-level domain. Each label to its left defines a subdivision, or subdomain, of the domain to its right. For example, wikipedia.org is a subdomain of the org domain; en.wikipedia.org is a subdomain of the wikipedia.org domain.
The domain name system consists of a hierarchical set of DNS servers. A DNS server is authorized to publish the domain names and the nameservers of the zones beneath it; the hierarchy of DNS server authority matches the domain hierarchy.
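The delegation walk described above, as an added Python example (not code from the slides): it splits a name into labels from the TLD leftwards, lists the chain of domains from the root down to the name, and follows delegations the way an iterative resolver does. The zone data is constructed for the example; the only page values used are the name en.wikipedia.org and its address 66.230.200.100. The in_bailiwick check goes slightly beyond the slides: it encodes the rule that a zone may only answer for names inside its own subtree.

```python
# Constructed delegation data (not the page's): the names each zone holds and the
# child zones it delegates. The root zone is the empty name "".
ZONES = {
    "": {"delegations": {"org"}, "records": {}},
    "org": {"delegations": {"wikipedia.org"}, "records": {}},
    "wikipedia.org": {"delegations": set(),
                      "records": {"en.wikipedia.org": "66.230.200.100"}},
}


def labels_right_to_left(name):
    """'en.wikipedia.org' -> ['org', 'wikipedia', 'en']: the TLD is the rightmost label."""
    return [lbl for lbl in name.lower().rstrip(".").split(".") if lbl][::-1]


def ancestor_zones(name):
    """Every domain from the root down to the name itself, e.g.
    ['', 'org', 'wikipedia.org', 'en.wikipedia.org'] for en.wikipedia.org."""
    chain, current = [""], ""
    for label in labels_right_to_left(name):
        current = label if not current else f"{label}.{current}"
        chain.append(current)
    return chain


def in_bailiwick(zone, name):
    """A zone may only speak authoritatively for names inside its own subtree."""
    return zone in ancestor_zones(name)


def authoritative_zone(name):
    """The deepest zone in ZONES that contains the name (the root covers everything)."""
    for zone in reversed(ancestor_zones(name)):
        if zone in ZONES:
            return zone
    return None


def iterative_lookup(name):
    """Follow delegations from the root the way a resolver does.
    Returns (ip or None, zones asked in order)."""
    name = name.lower().rstrip(".")
    zone, asked = "", []
    while True:
        asked.append(zone)
        info = ZONES[zone]
        if name in info["records"]:
            return info["records"][name], asked
        # the delegated child zone that still covers the name, if there is one
        child = next((z for z in ancestor_zones(name) if z in info["delegations"]), None)
        if child is None:                      # no further delegation: the name does not exist
            return None, asked
        zone = child
```

The list of zones asked is what makes the hierarchy visible: only the servers along that chain are authoritative for the answer, which is why a resolver should discard records a server returns for names outside its bailiwick.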
Windows Internet Name Service (WINS)
NetBIOS-over-TCP/IP (NetBT) is a network component built into Windows whose job is to resolve NetBIOS names to IP addresses. NetBIOS name resolution mechanisms: (a) using broadcast; (b) using a WINS server. The way to ask for a computer's IP address on the network without using broadcast is to use a server that stores the NetBIOS name to IP address mapping of every computer on the network; this server is called the WINS server.
Components of a WINS system
- WINS server (the host running the WINS service)
- WINS database
- WINS proxy
- WINS client
Name registration and release (client and WINS server on different subnets):
1. The client sends a registration request to the WINS server.
2. The WINS server records the information and replies that the registration succeeded.
3. The client requests release of its name.
4. The WINS server sends confirmation of the release.
Name query with several WINS servers:
1. The client contacts its WINS server three times but receives no reply.
2. The client contacts all the other WINS servers (WINS server B) until one replies.
3. After successful resolution, the WINS server returns the result to the client.
Name query and fallback:
1. The client sends a name query request to the WINS server; the request contains the NetBIOS name of the computer to be resolved.
2. The WINS server returns the IP address that the WINS database maps to that NetBIOS name.
3. The client uses the IP address to establish a session with the target computer.
4. If the WINS query fails, the client sends an IP broadcast packet containing a name query request. If the target computer is on the same subnet, it returns its IP address to the querying computer and a direct session is established.
5. If the IP broadcast name query request fails to return an IP address, the client examines its local LMHOSTS file; if the local LMHOSTS file contains an #INCLUDE statement pointing to a remote LMHOSTS file on a server, it examines the remote LMHOSTS file as well.
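The node-type table and the query-and-fallback sequence above, combined into one added Python simulation (not code from the slides). It orders the WINS and broadcast steps according to the node type's registry value and then falls back to the local LMHOSTS file and the file named by #INCLUDE; applying that LMHOSTS fallback to every node type, not only the H-node the slide walks through, is this example's simplification. The WINS database, subnet hosts and LMHOSTS tables are constructed sample data.

```python
# Resolution order per node type: registry value -> (name, methods tried in order),
# following the node-type table on this page.
NODE_TYPES = {
    1: ("B-node", ["broadcast"]),
    2: ("P-node", ["wins"]),
    4: ("M-node", ["broadcast", "wins"]),
    8: ("H-node", ["wins", "broadcast"]),
}

# Constructed sample data, not from the page.
WINS_DB = {"FILESERVER": "10.0.0.5", "DC01": "10.0.0.2"}       # WINS database
LOCAL_SUBNET = {"PRINTSRV": "10.0.0.7", "DC01": "10.0.0.2"}    # hosts that answer a broadcast
LOCAL_LMHOSTS = {"BACKUP": "10.0.1.20"}                         # local LMHOSTS entries
REMOTE_LMHOSTS = {"ARCHIVE": "10.0.1.30"}                       # file named by #INCLUDE


def resolve(name, node_value, wins_up=True):
    """Resolve a NetBIOS name for the given node type.

    Returns (ip or None, steps): steps lists the methods tried in order, so the caller
    can tell whether the answer came from WINS or from an unauthenticated broadcast reply.
    """
    name = name.upper()                          # NetBIOS names are case-insensitive
    _label, order = NODE_TYPES[node_value]
    steps = []
    for method in order:
        steps.append(method)
        if method == "wins":
            if wins_up and name in WINS_DB:      # a WINS server that is down never answers
                return WINS_DB[name], steps
        elif name in LOCAL_SUBNET:               # broadcast: only same-subnet hosts can reply
            return LOCAL_SUBNET[name], steps
    # node-type methods exhausted: local LMHOSTS, then the #INCLUDE'd remote file
    steps.append("lmhosts")
    if name in LOCAL_LMHOSTS:
        return LOCAL_LMHOSTS[name], steps
    steps.append("lmhosts-include")
    if name in REMOTE_LMHOSTS:
        return REMOTE_LMHOSTS[name], steps
    return None, steps


def answered_by_broadcast(name, node_value, wins_up=True):
    """True when the final answer came from a broadcast reply rather than WINS or a file."""
    ip, steps = resolve(name, node_value, wins_up)
    return ip is not None and steps[-1] == "broadcast"
```

The steps list is the part worth watching in a real network: any host on the subnet can answer a broadcast query, so names that are regularly resolved by broadcast rather than by WINS (for example because the WINS server is unreachable) are the ones to investigate.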
WINS replication: how the Push mechanism works
A WINS server notifies the other WINS servers that its database has changed. The Push mechanism suits synchronization over high-bandwidth links.
1. 50 changes occur in the database of WINS server A.
2. Notification request: WINS server A notifies WINS server B.
3. Replication sent.
4. Replicas sent: WINS server A sends its confirmation and begins sending the replicas.
How the Pull mechanism works
is configured … and begins …
SMB and CIFS
Windows file and printer sharing uses NetBIOS over TCP on port 139. Microsoft extended and updated SMB; the extended version supports the Distributed File System (DFS), is called Self Host, and uses TCP port 445.
Session setup:
- the client resolves the server name to an IP address
- the client establishes a TCP connection to the server on port 139 when NetBIOS is used, or on port 445 when Self Host is used
Mail Services
- SMTP: TCP/IP mail delivery protocol
- POP: moves the user's mail from the server to the user's local mail reader
- IMAP: provides the same basic service as POP and adds features to support mailbox synchronization
- MIME: extends the definition of what constitutes mail
SMTP
A reliable protocol responsible for mail delivery. It is a connection-oriented service. It runs on top of the TCP protocol; the port number it operates on is 25.
SMTP command set
POP
Two versions of POP (Post Office Protocol) are widely used: POP2 and POP3. POP2 uses port 109; POP3 uses port 110. The commands of POP2 and POP3 are not the same, but both perform the same basic function: checking the user's login name and password, and transferring the user's mail from the server to the user's local mail reading system.
- client: implementation in the Outlook mailer
- server: implementation as part of the mail server role, available through the Windows Server 2003 Configure Your Server wizard
POP3 command set
IMAP
MIME
MIME is an extension of the original TCP/IP mail system, not a replacement for it. MIME is more concerned with what the mail system delivers than with the mechanics of delivery. The structure of the mail message carried by SMTP is defined in RFC 822. Because RFC 822 only transfers 7-bit ASCII data, MIME extends RFC 822 in two areas:
- the Content-Type header
- the Content-Transfer-Encoding header
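The two headers above in action, as an added Python example using the standard email library (not code from the slides): a UTF-8 body and a binary attachment are wrapped so that the serialized message contains only 7-bit ASCII, then the message is parsed back and both parts recovered. The addresses, body text and attachment bytes are constructed for the example.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed sample content (not from the page): a non-ASCII body and a binary attachment.
BODY = "Xin chào từ Hà Nội"          # UTF-8 text; cannot travel unencoded over 7-bit ASCII
ATTACHMENT = bytes(range(256))        # every byte value, including the 8-bit ones
FILENAME = "sample.bin"


def build_message():
    # policy.SMTP serializes with the CRLF line endings the wire format expects
    msg = EmailMessage(policy=policy.SMTP)
    msg["From"] = "alice@example.test"
    msg["To"] = "bob@example.test"
    msg["Subject"] = "MIME demo"
    # Content-Type: text/plain; charset="utf-8" plus Content-Transfer-Encoding: base64,
    # forced explicitly so the UTF-8 body is 7-bit clean
    msg.set_content(BODY, charset="utf-8", cte="base64")
    # a non-text part: Content-Type: application/octet-stream, base64 by default
    msg.add_attachment(ATTACHMENT, maintype="application", subtype="octet-stream",
                       filename=FILENAME)
    return msg


def is_seven_bit(raw):
    """True if every byte is 7-bit ASCII, i.e. deliverable by a plain RFC 822 transport."""
    return all(b < 0x80 for b in raw)


def round_trip():
    """Serialize, check the wire form is 7-bit, parse it back and recover both parts."""
    raw = build_message().as_bytes()
    parsed = BytesParser(policy=policy.default).parsebytes(raw)
    text_part = parsed.get_body(preferencelist=("plain",))
    attachment = next(parsed.iter_attachments())
    return {
        "seven_bit": is_seven_bit(raw),
        "top_type": parsed.get_content_type(),               # multipart/mixed
        "body_cte": str(text_part["Content-Transfer-Encoding"]),
        "body_text": text_part.get_content().rstrip("\r\n"),  # set_content appends a line end
        "attachment_cte": str(attachment["Content-Transfer-Encoding"]),
        "attachment_name": attachment.get_filename(),
        "attachment_bytes": attachment.get_content(),
    }
```

On the receiving side, the decoded bytes are what matter: the declared Content-Type and the filename in Content-Disposition are sender-supplied and should be checked against the actual content rather than trusted.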
Dynamic DNS
- permits a DNS server to be dynamically updated by the DHCP server or client
- uses a 5-field format for DNS queries and responses
- Microsoft integrates DHCP on both client and server with Microsoft DNS, WINS, and Active Directory.
Active Directory Basics
- Containers: contain other objects, e.g. Computers and Users.
- Domain: a logical collection of computers that includes at least one domain controller.
- Domain controller: stores a copy of the Active Directory database for its domain; its specialized software provides domain services and centralized management capabilities.
- Domain naming: Windows 2000 and Windows Server 2003 domains are named using DNS-formatted names consisting of a name and an extension. If the organization has a registered DNS name it may choose to use this name as the name of a tree root domain in its Active Directory forest, but it does not have to.
- Tree: a hierarchical collection of domain controllers in the same DNS domain namespace.
- Forest: composed of one or more Windows domains arranged in one or more trees; created when the first DC in the first domain of the forest is created. This first domain is called the forest root domain.
OU
- OUs are containers that subdivide domains; they are used to separate users and groups.
- An OU can contain objects such as users, groups and other OUs.
- A domain has a single default OU, the Domain Controllers OU, which by default contains every DC in the domain.
Site
- Sites are used to represent the physical structure of the forest.
- A site is defined in Active Directory by identifying one or more IP subnets.
- A site can contain one or more DCs from a single domain and/or one or more DCs from multiple domains.
Replication and the global catalog
- Updates: changes made to a replica of Active Directory using one DC are updated on the other DCs and on the global catalog (GC) servers.
- The GC contains a forest-wide Active Directory database.
- The first DC of the forest is made a GC server.
DC (Domain Controller) roles
- Schema master: controls management of schema objects.
- Domain-naming master: controls addition or removal of domains in the forest.
- RID master: allocates a series of relative IDs (RIDs) to each DC in a domain.
- PDC emulator: acts as the Windows NT Primary Domain Controller (PDC) when Windows NT 4.0 computers are domain members.
- Infrastructure master: updates references from its domain's objects to objects in other domains.
Authentication and authorization
- A user that needs to authenticate (prove its identity) on the network must locate a DC in its domain.
- Access to forest-wide resources is a matter of authorization: accounts in one domain can be assigned access to resources in another domain when that domain trusts the first.
Trusts
- Kerberos style: the network authentication technique for users and computers in an AD domain.
- Transitive: if a trust exists between domain A and domain B, and between domain B and domain C, then domain A also trusts domain C.
- Two-way: if a trust exists between domain A and domain B, a trust also exists between domain B and domain A.
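The transitive, two-way trust rules above, as an added Python example (not code from the slides): each trust link is stored in both directions, and the set of domains an account can be granted access in is the transitive closure of those links. The domain names and links are constructed for the example.

```python
from collections import deque

# Constructed trust links (not from the page); each pair is one two-way, transitive trust.
TRUSTS = [("A", "B"), ("B", "C"), ("D", "E")]


def trust_graph(links):
    """Adjacency sets; a link is entered in both directions because trusts are two-way."""
    graph = {}
    for x, y in links:
        graph.setdefault(x, set()).add(y)
        graph.setdefault(y, set()).add(x)
    return graph


def trusted_domains(domain, links):
    """Every other domain reachable through the chain of trusts (transitivity)."""
    graph = trust_graph(links)
    seen, queue = {domain}, deque([domain])
    while queue:
        current = queue.popleft()
        for nxt in graph.get(current, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    seen.discard(domain)
    return seen


def can_be_granted_access(account_domain, resource_domain, links):
    """Access may be assigned only inside the account's own domain or a domain that trusts it."""
    return (account_domain == resource_domain
            or resource_domain in trusted_domains(account_domain, links))
```

Because every link extends the closure for both sides, adding one trust can make accounts from several domains eligible for access in several others; the closure is the set to review when a new trust is created.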
Group Policy
- Used to deliver software installation and configuration settings to selected users and PCs with accounts in an AD domain.
- Consists of client-side extensions and server-side elements.
- Group Policy Objects (GPOs) store configuration settings and are used to configure thousands of systems automatically. There are 2 default GPOs.
- Administrative tools: a tool to review the effect of proposed or actual Group Policy settings for specific computers and clients. The resultant review is stored and can be examined later.
GPO application order
GPOs that may affect a user or PC are applied in a top-down hierarchical fashion:
1. First, any Group Policy settings on the local PC are applied.
2. Next those on the site object, followed by those linked to the domain, the OU, and any nested OU objects, until the account's container is reached.
If a conflict exists between a Security Setting or Administrative Template setting during the application of multiple GPOs, the setting in the GPO closest to the account wins. Where no conflict exists, all settings are applied cumulatively.
Enabled/Disabled: the PC and/or user section of a GPO must be enabled in order for that section to be applied.
Security Filter: the user or PC account must have the Read and Apply Group Policy permissions on the GPO. By default, the Authenticated Users group has these permissions; however, a Group Policy administrator can configure the permissions so that only certain groups of PCs or users can apply the GPO.
WMI Filter: a Windows Management Instrumentation (WMI) filter can be used to prevent a GPO from being applied to computers that have specific features detectable through WMI. WMI supports monitoring and management of system resources; it can detect whether a PC has a specific feature and prevent GPO application based on that information.
Block Inheritance: when a domain or OU has the Block Inheritance property, GPOs at a higher level in the GPO hierarchy are not applied.
Enforced (Override)
Loopback: a policy that reapplies the user portion of the PC's GPO settings to a PC after the application of the user-based policy. This means that there is a consistent user policy in place on the computer. It is useful for kiosks and other publicly available PCs where the privileges of the logged-on user should have no bearing on the application of Group Policy restrictions.
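The application order, closest-wins conflict rule, cumulative merge, Enabled/Disabled sections, security filtering and Block Inheritance described above, combined into one added Python model (not code from the slides). The hierarchy, GPO names and settings are constructed for the example. Enforced links are given the standard Windows semantics, which the slides name only in the heading: an enforced link is applied even below a Block Inheritance and wins any conflict with links closer to the account. Loopback and WMI filters are left out.

```python
from copy import deepcopy

# Constructed hierarchy (not the page's data), listed top-down from the local PC to the
# account's own container. Each link is one GPO: "filter" models security filtering
# (None = the default Authenticated Users, i.e. everyone), "enabled" the section switch,
# "enforced" and "block_inheritance" the two properties discussed above.
SCOPES = [
    {"name": "Local", "links": [
        {"gpo": "Local Policy", "settings": {"ScreenSaverTimeout": 900, "Wallpaper": "local.bmp"}}]},
    {"name": "Site", "links": [
        {"gpo": "Site-GPO", "settings": {"ScreenSaverTimeout": 600}}]},
    {"name": "Domain", "links": [
        {"gpo": "Default Domain Policy", "enforced": True,
         "settings": {"MinPasswordLength": 12, "ScreenSaverTimeout": 300}}]},
    {"name": "OU=Sales", "block_inheritance": True, "links": [
        {"gpo": "Sales-GPO", "settings": {"Wallpaper": "sales.bmp", "ScreenSaverTimeout": 1200}}]},
    {"name": "OU=Kiosks,OU=Sales", "links": [
        {"gpo": "Kiosk-GPO", "filter": {"Kiosk-Computers"}, "settings": {"Wallpaper": "kiosk.bmp"}}]},
]


def resultant_set(scopes, member_of):
    """Settings a principal ends up with, and the GPOs applied in application order."""
    # the deepest scope with Block Inheritance cuts off non-enforced links from above it
    block_at = max((i for i, s in enumerate(scopes) if s.get("block_inheritance")), default=-1)
    normal, enforced = [], []
    for i, scope in enumerate(scopes):
        for link in scope["links"]:
            if not link.get("enabled", True):
                continue                                   # that section of the GPO is disabled
            flt = link.get("filter")
            if flt is not None and not (flt & member_of):
                continue                                   # security filtering: no Apply permission
            if link.get("enforced"):
                enforced.append(link)                      # enforced links ignore Block Inheritance
            elif i < block_at and scope["name"] != "Local":
                continue                                   # inherited link blocked; local GPO still runs
            else:
                normal.append(link)
    # top-down order: later (closer) GPOs overwrite earlier ones; enforced links go last,
    # highest level last of all, so an enforced setting wins every conflict
    applied = normal + list(reversed(enforced))
    settings = {}
    for link in applied:
        settings.update(link["settings"])                  # non-conflicting settings accumulate
    return settings, [link["gpo"] for link in applied]


def without_block(scopes):
    """The same hierarchy with every Block Inheritance flag removed, for comparison."""
    copy = deepcopy(scopes)
    for scope in copy:
        scope.pop("block_inheritance", None)
    return copy
```

Running the model with and without the block on OU=Sales shows why Block Inheritance is worth auditing: it silently drops the site's settings for everything under that OU, while the enforced domain policy keeps its password and screen-saver values regardless.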
GPO properties and storage
- Stored on the client computer in the Windows\system32\Group Policy folder.
- Stored partially in AD and partially in the DC filesystem: the GPO is recorded in AD, while the Administrative Template .adm files and the Security Settings .inf files are stored under %systemroot%\SYSVOL\sysvol\<domainname>\Policies.