Lesson 1: Integrating Windows 2000 with Novell NetWare
The integration of Windows 2000 Server in a Novell NetWare-based environment introduces several issues. You need to determine a common network protocol for both systems, for instance. You may consider synchronizing the NetWare and Windows 2000 accounts to simplify the environment for your users, who otherwise might have to cope with different account information for NetWare and Windows 2000.
This lesson covers the management and configuration issues that you will encounter when you combine Windows 2000 Server and NetWare in a network. You will learn about configuring networking components such as the NWLink IPX/SPX-Compatible Transport, Gateway Services for NetWare (GSNW), and the Service Advertising Protocol (SAP) Agent. The lesson also discusses additional utilities that can simplify the administration of mixed Windows 2000 Server/NetWare environments.
At the end of this lesson, you will be able to:
- Install the NWLink IPX/SPX-Compatible Transport.
- Use TCP/IP to integrate Windows 2000 with NetWare 5.
- Install and configure GSNW.
- Identify and use additional utilities for NetWare.
Estimated time to complete this lesson: 30 minutes
NWLink-Based Connections
The Internetwork Packet Exchange/Sequenced Packet Exchange (IPX/SPX) protocol is used most often in NetWare networks. The corresponding Windows implementation is known as the NWLink IPX/SPX-Compatible Transport, often simply called IPX/SPX as well. Most of the components for NetWare interoperability supplied by Microsoft require NWLink as the underlying networking protocol. It is a 32-bit transport stack that supports Novell NetBIOS and RPCs (see Figure 10.1).
Figure 10.1 The IPX/SPX-compatible implementation
RPC over SPX
SPX, a part of the IPX/SPX protocol, is similar to TCP in that it provides a transport-level communication mechanism between computer systems. One of its tasks is data package sequencing, which ensures that data move in chronological order.
SPX Sockets
Outlook 2000 must contact the Information Store service using RPCs to provide you with access to your server-based mailbox. This means that a communication interface for NetWare workstations that allows use of IPX/SPX for RPC communication must exist. Windows Sockets (Winsock) provides this interface, known as SPX Sockets.
Installation
To support workstations using IPX/SPX, you must install NWLink at the Windows 2000 level on your Exchange 2000 server. You can accomplish this via the Properties of your Local Area Connection. Display the Network And Dial-Up Connections window (right-click My Network Places on the desktop and select Properties from the shortcut menu), right-click Local Area Connection, and then select Properties from the shortcut menu.
By default, only TCP/IP is installed, but you can add the NWLink protocol in the Local Area Connection Properties dialog box by clicking the Install button. In the Select Network Component Type dialog box, select Protocol, click Add, and, from the Network Protocols list, select NWLink IPX/SPX/NetBIOS Compatible Transport Protocol, and then click OK. System files will be copied from the Windows 2000 installation CD-ROM and, after that, you can manually adjust configuration settings if required.
NOTE
It is not necessary to reboot the server to have the changes take effect.
Frame Types
In the Local Area Connection Properties dialog box, by selecting the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol and clicking the Properties button, you can manually specify frame types for IPX/SPX. By default, frame types are detected automatically; however, if you experience communication problems, disabling automatic frame type detection is a good idea.
The frame type corresponds to the format of data packages sent through the network at the data link layer, which is handled by Ethernet. Frame type is a factor for any network layer protocol, but it is particularly important on NetWare networks because different versions of NetWare support different frame types. You must use the same frame type for all computers in the network; otherwise, communication will fail. Frame types are shown in Table 10.1.
Table 10.1 Frame Types
| Frame Type | Network Topology |
|---|---|
| Ethernet II, 802.3, 802.2, SNAP | Ethernet |
| Token ring, SNAP | Token ring |
| 802.2, SNAP | FDDI |
| ArcNet-frames | ArcNet |
The default frame type for NetWare 2.0 through 3.11 Ethernet networks is 802.3; later versions use 802.2. For token ring, as you might expect, the default is token ring and for Fiber Distributed Data Interface (FDDI), it is 802.2. If you are not sure which frame type your NetWare servers are using, type config at the NetWare server's system console, and check the Frame Type setting for your network adapter.
Setting the Frame Network Number
When manually configuring frame types, you will also need to specify the corresponding external network number with each frame type added. An external network number is an eight-digit number known as the IPX network ID, which identifies every NetWare network. All resources that belong to a particular NetWare network must use the same external network number. Therefore, frame types and their associated network number must match the corresponding configuration on the NetWare servers. You can check the configuration on the NetWare server by typing config at the server's system console. It is also possible to determine the network number from the AUTOEXEC.NCF file, where it is specified in the NET= option of the BIND IPX command (for example, BIND IPX 3C90X_1_E82 NET=F47A162C).
NOTE
Windows 2000 typically detects the external network number automatically, but you must adjust it manually if you use multiple frame types or network adapters.
Setting the Internal Network Number
The internal network number identifies every NetWare server and possibly every computer running Windows 2000 Server. This number is frame type independent and must be unique within your NetWare network. It must not be 0 if the Windows 2000 computer is supposed to provide any services to NetWare clients or if it is used to route IPX in the network. In the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol Properties dialog box, use the Internal Network Number box to set this parameter.
NetBIOS over NWLink
As you can see on the Local Area Connection Properties property sheet, NWLink NetBIOS is installed automatically with IPX/SPX. However, any router between your workstation and the server must pass the IPX packet type 0x14; otherwise, the NetBIOS communication cannot take place over IPX, and the connection attempt will fail.
IP-Based Connections
NetWare/IP is available with Novell NetWare 4.0 and later versions. However, NetWare/IP uses a different IP implementation that cannot communicate with Microsoft's TCP/IP stack. Fortunately, Novell's current release, NetWare 5, provides support for native IP and allows you to run your network with IP only, but also with both IP and IPX, or with just IPX.
Advantages of TCP/IP
It is advantageous to configure TCP/IP in your NetWare-based environment because TCP/IP greatly simplifies the integration of Exchange 2000 Server. Exchange 2000 Server requires TCP/IP in any case, and, if NetWare supports TCP/IP as well, you can avoid the installation of NWLink on the Exchange 2000 computer, thus avoiding protocol and configuration overhead.
Installing Gateway (and Client) Services for NetWare
GSNW is an additional service that enables Windows 2000 Server to access resources on NetWare servers. Installing GSNW allows you to access NetWare resources from the Exchange 2000 server.
Using the Local Area Connection Properties dialog box, you can install GSNW from the Windows 2000 Server installation CD-ROM. Click the Install button, and, from the Select Network Component Type dialog box, select Client. Click Add, and, from the Select Network Client dialog box, select Gateway (and Client) Services for NetWare, then click OK. This time, you must restart the Windows 2000 server. When you log on locally to the server again, you need to provide valid NetWare account information in the Select NetWare Logon dialog box (such as Preferred Server or Default Tree and Context).
NOTE
Gateway (and Client) Services for NetWare requires NWLink and is not supported in TCP/IP-only environments.
Enabling Windows NT Server to Act as a Gateway to NetWare Servers
Communication between Windows 2000 Server (configured as a NetWare client by GSNW) and Novell NetWare servers is accomplished through the NetWare Core Protocol (NCP). Communication between Windows 2000 Server and Microsoft-based workstations relies on Server Message Blocks (SMBs). Consequently, if Windows 2000 Server and GSNW could translate NCP into SMBs, Microsoft-based workstations could access NetWare servers through the Windows 2000 Server.
The good news is Windows 2000 Server can act as a gateway to NetWare— translating incoming Microsoft client requests into the correct NetWare format and thus providing NetWare resources to native Microsoft workstations. The Microsoft workstation is not aware of the translation. To the workstation, it appears that the client is working with resources on the computer running Windows 2000 Server (see Figure 10.2).
Figure 10.2 Accessing Novell NetWare resources via GSNW
NOTE
Windows 2000 Server connects to NetWare servers on behalf of a special NetWare account that must be a member of a special NetWare group called NTGATEWAY. A Novell NetWare administrator must create the account and the group on the NetWare server before you can configure GSNW through the GSNW applet in the Control Panel.
File and Print Services for NetWare
File and Print Services for NetWare (FPNW) allows users on NetWare workstations to access files, printers, and applications on a Windows 2000 server. The machine running Windows 2000 Server acts just like a NetWare server (see Figure 10.3). As a matter of fact, you can use native NetWare utilities to manage—up to a point—a Microsoft Windows NT server if FPNW is installed.
Figure 10.3 File and Print Services for NetWare
Service Advertising Protocol Agent
To ensure that native NetWare workstations can locate a computer running Windows 2000 Server in a NetWare network, you must install the SAP Agent on the server in addition to the GSNW. Support for SAP is required because NetWare clients rely on this protocol to perform name resolution. Native NetWare servers, your Windows 2000 Server computer running FPNW, and all IPX routers must use SAP to periodically broadcast their services, server name, and the IPX internal network address to each other (see Figure 10.4).
Figure 10.4 Connecting to Windows 2000 with a NetWare workstation over IPX/SPX
To install the SAP Agent on Windows 2000 Server, open the Network And Dial-Up Connections program from the Control Panel and display the properties of the Local Area Connection. Click the Install button to display the Select Network Component Type dialog box, where you need to select Service, and then click Add. In the Select Network Service dialog box, select SAP Agent, and click OK. Because the SAP Agent has no properties to configure, you can close the Local Area Connection Properties dialog box immediately. A server reboot is not necessary.
SAP Broadcast Packet
The SAP Agent itself does not announce a Windows 2000 Server to the NetWare network. This is the task of GSNW. Using both components, the Windows 2000 Server computer advertises itself across the IPX network using a SAP broadcast packet, which contains the server name and the IPX internal network number.
NDS and the Active Directory Directory Service
When integrating Exchange 2000 Server into your NetWare environment, you need to maintain user account and mailbox information in an Active Directory forest in addition to the NetWare directory. Novell NetWare systems rely on NDS or the legacy Bindery for account management. Unfortunately, without additional components, there is no coordination of user accounts and passwords across both platforms. Different policies might force your users to maintain passwords of different length and complexity that might expire at different intervals. Even the account names can differ.
Manual Versus Automatic Logon
Automatic logon allows you seamless access to network resources on the basis of a single authentication when initially accessing the network. If you are working on a native NetWare workstation, you will log on to NetWare first. When you launch Outlook 2000 to connect to your Exchange 2000 mailbox, you need to log on to your Active Directory domain in a separate step. Consequently, the Enter Password dialog box will appear at client startup, prompting you for User Name, Domain Name, and Password.
To support automatic logon, you need to keep the account information in both environments the same. When you log on to your workstation running Windows 2000 Professional, you supply your NetWare account information, which is cached by the operating system. Outlook 2000 can obtain this information and supply it to Exchange 2000 Server automatically—provided that you are using the NT Password Authentication mechanism. Because account name and password are the same, you can get access to your mailbox without being prompted for Windows 2000 account information. The configuration of the Exchange transport service was covered in Chapter 8, "Microsoft Outlook 2000 Deployment."
Directory Synchronization
It is difficult to keep the NetWare and Windows 2000 account information synchronized manually. Fortunately, an automatic synchronization mechanism is available from Microsoft, known as Microsoft Directory Synchronization Services (MSDSS).
MSDSS allows you to synchronize Active Directory accounts with accounts in NDS or Bindery, including password information. However, password synchronization is only supported from Active Directory to NDS (or Bindery) because access to encrypted NetWare passwords is not provided. In other words, when you use MSDSS to create Windows 2000 accounts from your NetWare accounts, you cannot transfer over the users' existing passwords. You will need to specify an initial password value (such as user account name or empty password) in the MSDSS session configuration. If you change your password later on in Active Directory, MSDSS can transfer the password information into the NDS (see Figure 10.5).
IMPORTANT
MSDSS requires the Novell Client Software to be installed on Windows 2000 Server, which cannot coexist with GSNW. If you are using interoperability solutions that require GSNW, consider installing an additional Windows 2000 domain controller for Novell NetWare Client 5 and MSDSS.
Figure 10.5 NDS and Active Directory synchronization
MSDSS and the Connector to Novell GroupWise
When integrating Exchange 2000 Server in an environment with NetWare and Novell GroupWise, it is important to adjust the MSDSS configuration to avoid the synchronization of GroupWise addresses (that are stored in NDS) with Active Directory. Exchange users cannot use GroupWise addresses replicated through MSDSS. E-mail address information must be synchronized using the Directory Synchronization feature of the Connector for Novell GroupWise, which is introduced in Chapter 29, "Connecting to Novell GroupWise."
To prevent MSDSS from synchronizing GroupWise address information with Active Directory, add the SyncEmailAddress REG_DWORD value to the Registry under the following location:
HKEY_LOCAL_MACHINE \System \CurrentControlSet \Services \MSDSS \Parameters
A value of 0 disables the synchronization of GroupWise address information.
EAN: N/A
Pages: 186