TCP/IP Connectivity Options Under NT 4.0
Colton S. Johnson
The connectivity and related services provided by TCP/IP are the heart of most UNIX environments. While most system administrators are familiar with setting up TCP/IP under UNIX, adding a Windows NT server to the network raises new questions. This article examines basic TCP/IP options under Windows NT version 4.0, including SNMP, network printing support, FTP server service, DHCP, and WINS, and how to configure them in a Unix network environment. Unless otherwise specified, Windows NT version 4.0 is referred to as simply NT.
The administrative concepts behind configuring NT networking are parallel to those of UNIX. Drivers for installed hardware elements are configured, services (and the protocols that support them) are enabled, and the necessary configuration parameters, such as IP addresses and host names, are defined. NT accomplishes the configuration through a hierarchy of screens, most of which are based on the Network icon in the NT Control Panel. Double-clicking the Network icon brings up the primary Network configuration screen (see Figure 1) which provides tabs for Identification, Services, Protocols, Adapters, and Bindings. The general syntax is to select the appropriate tab, and then click on the Add button to configure an item. Configuration details are generally defined by highlighting an item in the upper part of the screen and then clicking on the Properties button.
Installing the NIC
To add a network interface card (NIC) in NT, double-click on the Network icon in the Control Panel. Once the Network dialog box appears (see Figure 1), click on the Adapters tab and then Add. Select your adapter from the most common on the list, or click the Have Disk button and insert the manufacturer's driver diskette in the floppy drive. In case you don't have a disk, contact the adapter manufacturer, you can probably download the drivers from the Web. Once selected, the adapter appears in the Network Adapters list.
Configuring TCP/IP on NT
As with most system administration tasks, you must do some planning before configuring TCP/IP on NT. First, decide whether your network will use Dynamic Host Configuration Protocol (DHCP) to automatically assign IP addresses to hosts. If so, you'll want to configure TCP/IP to obtain an IP address from a DHCP server as discussed in the next section. In addition, you may want the NT machine to be the DHCP server. Two other options to be aware of are whether the NT machine will be a Windows Internet Name Server (WINS) or whether it will be a WINS proxy agent. (The name resolution aspect of WINS is discussed later in this article.) It is important to recognize that DHCP server service, WINS server service, and WINS proxy agent service are options only available with NT Server, not NT Workstation.
Basic TCP/IP Configuration
Basic configuration of NT's implementation of TCP/IP simply involves adding the TCP/IP protocol and defining the particulars using the general procedures described earlier. First, double-click on the Network icon in the Control Panel. Once the Network icon's dialog box is displayed, click on the Protocols tab, then click the Add button, and finally, select the TCP/IP protocol from the list (usually all the way down at the bottom). TCP/IP has been added.
Of course, TCP/IP is useless unless the IP address, subnet mask, and default gateway are defined. Define these by highlighting the TCP/IP Protocol item and then clicking the Properties button. (Figure 2) shows the IP Address configuration screen. If you're using a DHCP server for automatic configuration, click on "Obtain an IP address from a DHCP server." NT will automatically configure the necessary TCP/IP values during system initialization. (Some of the basic considerations with DHCP are discussed later.)
If you're not using DHCP, then click on "Specify an IP address" and fill in the machine's IP address, subnet mask and default gateway (router). Make sure the correct adapter is displayed in the adapter box. It is possible to install and configure NT for multiple network adapter cards.
At this point, you are ready to use NT's standard TCP/IP utilities including ftp, telnet, ping, rexec, tracert, etc. A complete list of networking utilities provided with NT are shown in Table 1 .
NT's TCP/IP Options
NT supports various familiar TCP/IP options, including Dynamic Host Configuration Protocol (DHCP), HOST files, Domain Name System (DNS), Windows Internet Name Service (WINS), Simple Network Management Protocol (SNMP), FTP Server, and Network Printing Support. The following sections provide an overview of NT's approach to these services. For more details, refer to the NT 4.0 Resource Kit's Networking Guide.
Dynamic Host Configuration Protocol, or DHCP, was designed to reduce administrative tasks associated with the assignment and maintenance of IP addresses throughout the network. As networks have become more dependent on TCP/IP as their core connection mechanism, network administrators have been introduced to a new management nightmare: managing hundreds or even thousands of IP addresses for each device on the network. The main way IP addresses have been managed in the past (and still may be today in many organizations) is with databases and/or tables maintained in a spreadsheet or word processing program. DHCP seeks to solve this problem by using dynamic configuration of TCP/IP clients on the network.
Implementing DHCP requires a DHCP server that allocates IP addresses for machines on a network, and DHCP clients (workstations) that receive IP configuration parameters. The configuration parameters passed to the client include the IP address of the machine and any IP addresses of subnets and gateways, along with information about any DNS and WINS servers that may exist on the network. These parameters are transmitted from the DHCP server when the DHCP client starts up. An NT machine becomes a DHCP client by clicking the option "Obtain an IP address from a DHCP server" in the TCP/IP properties dialog box (see Figure 1). To create and maintain a DHCP server, refer to the Networking Guide that is part of the NT Resource Kit.
DHCP works by dynamically assigning IP addresses to machines. IP addresses are "leased" to clients for a set amount of time. The lease time can vary from a single hour to a hundred years or it can be infinite. The IP address can only be used during the lease time. In addition, DHCP can be configured to allow specific IP addresses to be assigned to the same device over and over. Available IP addresses are kept in a pool for client assignment. There can also be reserved IP addresses set aside for manual assignment to clients. This pool is referred to as a DHCP Scope and is defined as a grouping of configuration parameters for all machines on a specific subnet. The NT administrator defines scopes and no DHCP clients can be configured until the scope is defined.
A DHCP client initiates the assignment process when it starts up by transmitting a "dhcpdiscover" packet to a DHCP server. The DHCP server then responds to the DHCP client with the IP configuration settings in a "dhcpoffer" packet. At this point, the DHCP client replies to the DHCP server with a "dhcprequest" packet containing the offered IP settings. Finally, the DHCP server acknowledges with a "dhcpack" packet and from that point on the IP settings are used by the client. Other packets include "dhcpdecline" which is sent from the DHCP client to decline the offered IP settings, "dhcpnack" which is sent from the DHCP server if the IP settings are no longer valid, and "dhcprelease" which is sent from the DHCP client to release the IP address.
It is important to note that when a DHCP client logs off the network and then back on, it transmits a "dhcprequest" packet, not a "dhcpdiscover" packet to the DHCP server. This is in attempt to reuse the previously assigned IP settings. Should the IP address be in use by another DHCP client at this time, a "dhcpnack" packet is transmitted to the DHCP client and the DHCP client must then transmit a "dhcpdiscover" packet to request a brand new IP address.
Hosts Files, DNS, and WINS
Name resolution refers to the ability to locate and communicate with resources in the network. The idea is to map human-readable host names with IP addresses. There are three main ways NT resolves host names: a HOSTS file on the local drive, DNS, and WINS.
When you install NT's TCP/IP, a sample version of a HOSTS file is created in the \systemroot\SYSTEM32\DRIVERS\ETC directory. NT's HOSTS file follows the same format as the UNIX /etc/hosts file and can be edited with any text editor.
Although NT's other uses of the term "domain" can get confusing when overlapped with DNS considerations, NT can use DNS for name resolution. In many cases, NT is being added to an existing TCP/IP network with established UNIX-based DNS servers. In this case you simply add the IP addresses of the DNS servers to NT when you configure TCP/IP. To do this, use the TCP/IP properties dialog box and click on the DNS tab and then the Add button under the DNS Service Search Order (see Figure 3). You will be prompted to enter the IP addresses of your network's DNS servers. In addition, you should add the unique host name that identifies the machine and the DNS domain to which the machine belongs. To create and maintain an NT DNS server, refer to the Networking Guide that is part of the NT Resource Kit.
Microsoft developed Windows Internet Naming Service (WINS) to provide name resolution for MS-Windows-based networking. Although this can be accomplished with DNS as we've previously seen, WINS is most likely used when a DNS does not exist. Conceptually it works the same way as DNS in that it maps resource names to IP addresses. WINS is more flexible with NetBIOS PC networks than DNS, however. Although DNS is the standard among UNIX networks, given the popularity of Novell Netware, WINS has its place. For a complete study of WINS including setting up a WINS server and/or proxy agents, refer to the NT Resource Kit's Networking Guide. To configure an NT client machine to use WINS, click on the WINS Address tab in the TCP/IP Properties dialog box and enter the IP addresses of your primary and secondary WINS servers.
The Simple Network Management Protocol, or SNMP, is used to monitor and control TCP/IP-based networks. SNMP works with two entities: a management station that collects information about network components and agent software that resides on network components (e.g., routers). Agents provide diagnostic information to the management station. In most cases the management station is a centralized computer somewhere on the network. Information provided by the agent includes protocol identification and statistics, configuration data, and event and error messages. In most cases, SNMP works in a synchronous fashion where the management station polls the agents. However, in the case where an event or error occurred in the network component, SNMP works in an asynchronous fashion. That is, the agent itself sends a message to the management station. In this manner, the management station would know immediately if an error has occurred in a network device. This is referred to as a trap. Information relating to the management of network components is maintained in a database called a Management Information Base, or MIB. Current specifications for the MIB are known as MIB-II. This database contains managed object descriptions and object values identified by its Object ID, or OID.
Communication between management stations and agents is done via UDP, not TCP. While the User Datagram Protocol (UDP) is less reliable than the Transport Control Protocol (TCP), UDP requires less overhead than its connection-oriented cousin, TCP. In addition, UDP has the significant advantage of being able to send messages over a damaged or packet-corrupted network (you can't do that with TCP).
NT's Implementation of SNMP
NT's implementation of SNMP allows an NT computer to report its status to an SNMP manager over TCP/IP when the management system requests it or when an error or event occurs that the manager should be made aware of. To add SNMP to NT use the Network icon in the Control Panel. Then click on the Service tab and then the Add button. Select SNMP Service from the list and then OK. Once the SNMP service has been added, it will need to be configured. Select the properties of the SNMP service to configure three main components: Agent, Traps, and Security.
SNMP security authenticates messages it receives from management stations. Agents and management stations share a common password known as a community name. Only messages received by agents that contain the correct community names are processed, all others are discarded. Optionally, SNMP agents can be configured to send back a trap to a management station if message authentication fails. By default, the community name when SNMP is installed is "public." Community names can be modified, deleted, or added by clicking on the Security tab in the SNMP properties window. In addition, using this same dialog box, you can configure SNMP to only accept packets from a list of hosts.
Clicking on the Agent tab in the SNMP properties window configures the SNMP agent. The default configuration options are already checked. You will, however, need to enter the user name (contact) and location. These values are provided as part of the MIB returned to the management station. An example of a contact and location would be email@example.com and "jcrew.com" respectively.
The final SNMP configuration task is the trap configuration, which can be done by clicking on the Traps tab in the SNMP properties window. It is here where trap destinations, that is management station IDs to which traps are sent, are entered. Enter a Microsoft networking computer name, or IP address(es) of the host or hosts to which you want traps sent. The trap destination must be a computer that is running the SNMP management program.
NT provides two SNMP-related utilities in the 4.0 Resource Kit. The first is snmputil.exe. This is a browser utility used to get information from NT-based SNMP hosts. The second utility is snmpmon.exe. This utility can be used to monitor SNMP MIB objects on hosts throughout the network.
NT supports FTP server capabilities that allow non-NT systems such as UNIX hosts to connect to NT servers to transfer files. To configure the FTP server service in NT 4.0 you must configure the Internet Information Server (IIS). IIS includes not only the FTP Server, but also World Wide Web Services and Gopher Service. For additional information on IIS refer to the Networking Guide in the NT 4.0 Resource Kit. To configure IIS, click on the Network icon in Control Panel, select the Service tab and then click the Add button. Additionally, select the FTP Service check box to install the FTP Server service.
telnet Client and ftp Client
Without installing IIS, NT includes both the telnet and ftp client utilities. These utilities are character-based and are run from an MS-DOS command prompt providing terminal emulation (telnet command) and client-side file transfer capabilities (ftp command) for sending files to UNIX hosts.
Network Printing Support
NT provides various choices for network printing. Non-Unix network hosts can print directly to TCP/IP printers through NT. Additionally, Unix hosts can print to any printer which NT has access to. In other words, NT can either generate lpr requests or can service outside lpr requests with its lpdsvc print service.
In either case, you must install the TCP/IP printing option by clicking on the Network icon in the Control Panel. Then click the Service tab and Add. Select Microsoft TCP/IP Printing from the list and click OK.
Servicing lpr Requests from Unix Hosts
1. Install the TCP/IP printing option as described above.
2. Ensure NT's lpdsvc service is running. Click on the Service icon in Control Panel or type net start lpdsvc from the NT command prompt.
3. Create a printer on NT. Use the Add Printer icon in the Printers folder in My Computer. Refer to the NT documentation for more information on this.
4. Modify /etc/printcap on Unix to create a BSD-Style printer. Be sure to use the name of the NT machine for the "rm" entry and the name of the printer from step 3 for the "rp" entry. For more information on this refer to your Unix documentation.
5. Issue the lpr command from Unix.
Creating lpr Print Requests for Unix Hosts
Creating lpr requests on NT simply means creating an NT printer to use an "lpr" port. Option Add Printer My Computer Add Port LPR Port New Port does this. Enter two things: the network name or IP address of the Unix host providing the lpd daemon and the name of the printer/print queue on the Unix host, as shown in Figure 4.
Once the lpr-compatible printer is created, any network machine that has access to the NT machine can print to the printer.
Although this article has examined only the basic aspects of TCP/IP network configuration for NT, you can see that the underlying concepts within NT are similar to those of UNIX. Thus, it is relatively easy to add an NT server to a UNIX network and establish familiar network-based communications facilities between NT and UNIX systems. You should also be aware that various security concerns that have not been addressed here are associated with establishing network connectivity with an NT server.
About the Author
Colt Johnson earned a B.S. in Mathematics from Liberty University. He is currently Network/Communications Manager for J.Crew Group, Inc. in Lynchburg, VA specializing in cross-platform integration between PCs, UNIX, and MVS. He can be reached at firstname.lastname@example.org.