22. NT, UNIX and Novell NetWare

Domain (my_d) Local audit policy Success Failure • User login/logout ü File and object access ´ Use of user rights User and group management Security policy changes Restart/shutdown Process tracking \\bills_ pc \\ freds _ \\server1 Domain audit policy Success Failure etc

UNIX file attributes

UNIX TCP/IP for its communications. NFS for mounting files over a network. ICMP (for ping, traceroute, and so on). RIP (for routing). ARP (for determination of MAC addresses). DNS (for determining domain names). BOOTP (for IP address allocation). FTP (for file transfer). TELNET (for remote login). NIS (for creating domains). RPC (for remote processing execution). SMTP (for e-mail). SNMP (for network management)

Transport Driver Interface (TDI) Application Presentation Session Transport Network Data link Physical NetWare (SPX/IPX) UNIX/ Internet (TCP/IP) Windows (NetBEUI) Media Access Control Ethernet/ ATM/ ISDN/ etc. Application program Network Device Interface Specification (NDIS) NDIS Wrapper NDIS NIC Driver NIC

Application programs NetWare shell (NETx) NCP (network core protocol) software SPX/IPX ODI (open data-link interface) NetWare client: Windows NT, Windows 3.1, Unix, OS/2, Mac or DOS NIC (network interface card) hardware server

Problems with Novell NetWare 3 It uses SPX/IPX which is incompatible with TCP/IP traffic. It is difficult to synchronize servers with user information. The file structure is local to individual servers. Server architecture is flat and cannot be organized into a hierarchical structure (Bindery services).

NDS Hierarchical server structure. Network-wide users and groups. Global objects. NDS integrates users, groups, printers, servers, volumes and other physical resources into a hierarchical tree structure. System-wide login with a single password. This allows users to access resources which are connected to remote servers. NDS processes logins between NetWare 3.1 and NetWare 4/5 servers, if the login names and passwords are the same. Supports distributed file system.

NDS (cont.) Synchronization services. NDS allows for directory synchronization, which allows directories to be mirrored on different partitions or different servers. This provides increased reliability in that if a server develops a fault then the files on that server can be replicated by another server. Standardized organizational structure for applications, printers, servers and services. This provides a common structure across different organizations. It integrates most of the administrative tasks in Windows-based NWADMIN.EXE program. It is a truly distributed system where the directory information can be distributed around the tree. Support for NFS server for UNIX resources. Multiple login scripts, as opposed to system and user login scripts in NetWare 3.1. Windows NT support.

Organization Electrical Mechanical Production Administration BINS/VOL1 Q_LASER CD_DISK SYS/VOL2 Container objects Root

[ROOT]. This is the top level of the tree [ROOT]. This is the top level of the tree. The top of the NDS tree is the [ROOT] object. C=Country. This object can be used, or not, to represent different countries, typically where an organization is distributed over two or more countries. If it is used then it must be placed below the [ROOT] object. NDS normally does not use the Country object and uses the Organization Unit to define the geographically located sites, such as SALES_UK.[ROOT], SALES_USA.[ROOT], and so on. L=Locality. This object defines locations within other objects, and identifies network portions. The Country and Locality objects are included in the X.500 specification, but they are not normally used, because many NetWare 4 utilities do not recognize it. When used, it must be placed below the [Root] object, Country object, Organization object, or Organizational Unit object.

Leaf Objects (CN - Common Name) Apart from the container objects (C, O, OU, and so on) there are leaf objects. These are assigned a CN (for Common Name). They include: CN=AFP Server CN=Bindery CN=Bindery Queue CN=Computer CN=Directory Map CN=Group CN=Organizational Role CN=Print Queue CN=Print Server CN=Printer CN=Profile CN=Server CN=User CN=Volume

LP=Licensed Product. This object is automatically created when a license certificate is installed. When used, it must be placed below the [Root] object, Country object, Organization object, or Organizational Unit object. O=Organization. This object represents the name of the organization, a company division or a department. Each NDS Directory tree has at least one Organization object, and it must be placed below the [Root] object (unless the tree uses the Country or Locality object). OU=Organization Unit. This object normally represents the name of the organizational unit within the organization, such as Production, Accounts, and so on. At this level, User objects can be added and a system level login script is created. It is normally placed below the Organizational object.

Primary server NIC MSL adapter Secondary server Duplexed traffic Network connections