Solved

Novell Client on Windows Domain with Different Subnets

Posted on 2005-04-21
Last Modified: 2008-01-09
Hello experts,

I have a Novell network we are running accounting software on. This network is 192.168.111.X and I have a Windows AD Domain environment too. This network is 10.1.1.X. Basically everything is done on the Windows domain, but we need connectivity to the Novell network too. FYI: I have no experience with Novell at all!

When I inherited this network some of the machines were running the Novell Client, and they have connectivity to both networks; this works like a charm. Now I want to add the client to other machines in the network so they have access to Novell, but when I do it seems that the XP Pro SP2 machines can't see the Novell Tree, Server or Context. I bet it is probably because they are on different subnets, but not sure. Anyway, how do I make it work? Please someone help!

Best regards!
0
Comment
Question by:ekriner
19 Comments
 
LVL 34

Accepted Solution

by:
PsiCop earned 1000 total points
ID: 13836110
<pet peeve>
"Novell" is a company. "NetWare", "SUSE Linux", "OES" and "eDirectory" are products, some of many from that company. You have a "NetWare network" (or OES, or whatever), just like you have "Windows AD Domain" not "Micro$oft AD Domain".
<pet peeve>

Well, how to approach your situation depends in great part on what VERSION of NetWare (or whatever is running on that side) you have. At a server console prompt (the screen with the server name and a : after it), enter --> VERSION

What does it say?

Assuming you have a modern (v5.1 or later) version of NetWare, first, understand that, unlike your Windoze environment, the NetWare environment relies heavily on standards, such as Service Location Protocol (SLP). So the usual M$ tools won't see anything. Modern NetWare is also quite comfortable using TCP/IP as a transport, and I'm assuming that's what's being done on the machines that see the NetWare environment.

I notice you're running XP SP2. The laughable excuse for a "firewall" that gets turned on in SP2 is naturally configured to block anything that Redmond doesn't want you to run. So try turning off the "firewall" and see if that helps.

Also, make sure you have the latest version of Novell Client 32 for XP, which is freely available on Novell's extensive tech support website --> http://download.novell.com/Download?buildid=2ss2JIYshRc~
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 13836133
If you are able to solve the "problem" by turning off the "firewall", then if you can edit its configuration (I understand you can't in XP Home), you need to enable a number of TCP and UDP ports. Novell TID #10013531 (http://support.novell.com/cgi-bin/search/searchtid.cgi?/10013531.htm) outlines these.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 13836224
Also note that modern NetWare can be configured to appear as many different types of servers - NFS to *NIX, AFP to Mac, CIFS to Windoze. The functionality is called Native File Access Protocols (NFAP) and was introduced in NetWare v6.0. It was also back-ported to v5.1 (you have to download and install it on that old version).

Using Novell Identity Manager (IDM, http://www.novell.com/identitymanager) you can also unify much of the management of the NetWare/OES/eDirectory environment with that of Windoze/AD. IDM can give you single-point-of-user administration (for example, password changes), and the modern NetWare/OES/eDirectory environment is almost entirely manageable from a browser-independent (that is, not chained to IE) web-based interface (specifically, iManager v2.5).

And if you take the time to discover eDirectory, you'll find it's a solid 5 or more years ahead of AD in any technological aspect you might care to name. Want to make Server X host an NDS replica (equivalent to making it a DC)? No need to re-install, just a few mouse clicks and it's done. Need to perform a repair on eDirectory? No need to reboot the server into special "Directory Repair" mode (with that machine-specific and not-centrally-administerable password) - eDirectory repairs can be done on the fly, without interrupting authenticated users. Permissions changes don't require logout/login to be effective (because eDirectory ACLs are dynamically calculated). Replication is of object deltas (changes), not the entire object. eDirectory uses standards-based time synchronization (NTP), and it really means something.
0

 

Author Comment

by:ekriner
ID: 13836770
Thanks for your response. FYI - you never closed your </pet peeve> tag so I basically can't interpret that one; it just seems like a whole lot of NONSENSE to the interpreter!

Anyway, I have checked the version and here is what is reported:
Novell NetWare 5.1
Support Pack Revision 02
Server Version 5.00.09
NDS Version 8.73

Windows Firewall is turned off via Group Policies; however I have been toying with the idea of turning it on in order to stop an outbreak of a virus that may spread via ports. I am not sure if you know this or not, but Microsoft did not make their Firewall to replace Firewall devices. They simply made it to help secure the OS from viruses that propagate via ports in a Windows environment. Microsoft’s Firewall that comes with XP and is beefier with SP2 is an incoming firewall, and not an outgoing firewall.

I have downloaded the latest NetWare Client from the Novell site, and installed it that way. I did not try to add the client via Network Properties in XP. Also, we have no XP HOME PCs since this is an AD/Domain environment. HOME will not allow a PC to join a domain.

I am not searching for a solution to serving File, DNS, DHCP, Print, Web…etc. I have that solution in a Microsoft Windows environment, and I must say it works very well! My opinion, redirect your anger and get MS Certified. It would benefit you greatly in the long run! Don’t hate the player…Hate the Game!
0
 
LVL 30

Expert Comment

by:pgm554
ID: 13836875
Since you are crossing subnets, you might have an issue seeing the tree or server due to the way the client finds NW servers.

This is an issue when you go to pure IP in a multiple subnet env.
If IPX were in use, then the trees or servers can be found by using RIP/SAP.

But when you go to pure IP, a service called SLP must be enabled on your network.
You must use the NW client, since the client for NW services included in M$ cannot connect to a NW server by means of pure IP.

You will need to set up what is referred to as a DA server and then configure the NW clients to see and use the DA.

There are different ways to set this up, so first things first, which version of NW?
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 13836948
Whoops! You're right ...the tag was not properly closed.

OK, NetWare v5.1 is the oldest still-supported version, but Support Pack 2 tells me that it hasn't been updated in about 4 YEARS. The latest Support Pack for NetWare v5.1 is SP 8, available for free from --> http://support.novell.com/filefinder/9331/index.html

Note that I've been assuming that the NetWare environment was configured to use TCP/IP as a transport. But it does support IPX, and it's possible the previous admin configured it that way. At the same server console prompt, enter --> CONFIG

It'll tell you what protocols are bound, among other things. That information is necessary to troubleshoot connectivity problems.

RE: your opinion. If all you've ever had is flank steak, I'm sure you don't understand why anyone would want filet mignon.
0
 
LVL 30

Expert Comment

by:pgm554
ID: 13836975
Since it is 5.1 you must go to the console on the 5.1 box and type in the following.

SLPDA  

It will ask you if you want to create a DA.

Accept the defaults.

Then you need to add this line to the autoexec.ncf

load slpda

This is so that when the server reboots the DA will be loaded automatically.

Note the IP address of your server and write it down.

Next you will need to install the Novell client 32 on your XP boxes.
Do a custom install. IP only, no NMAS, no IPX.

After you have installed the client, you will need to configure it to use the DA: go into the NW client properties and add the IP address of the DA and click the check box for static.

You could do this through your DHCP server, some firewalls (CheckPoint) will let you hand out SLP as well as W2K & 3 server DHCP servers. (It would save you a step or 2.)
0
 
LVL 30

Expert Comment

by:pgm554
ID: 13837005
Sorry

load SLPDA

to first configure.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 13837097
SLP ain't gonna do much if the previous admin used IPX. Which is what I was trying to figger out. No sense in sending the Asker on a wild-goose chase.

Also, since NetWare v5.1 uses SLP v1, and that permits unscoped DAs, then really all the Asker needs to do is LOAD SLPDA. No configuration is needed.
0
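
When a client on the 10.1.1.x side still cannot find the DA, a capture of SLP traffic (port 427) shows whether the messages are SLP v1, which the comment above says NetWare v5.1 uses, and whether any DA Advertisement comes back. The following is an added example, not part of the thread: a Python decoder for the fixed SLP v1 (RFC 2165) and v2 (RFC 2608) headers. The function names are hypothetical and the sample messages are constructed.

```python
import struct

# Function IDs 1-10 mean the same thing in SLP v1 (RFC 2165) and v2 (RFC 2608).
FUNCTIONS = {
    1: "Service Request", 2: "Service Reply", 3: "Service Registration",
    4: "Service Deregister", 5: "Service Acknowledge", 6: "Attribute Request",
    7: "Attribute Reply", 8: "DA Advertisement", 9: "Service Type Request",
    10: "Service Type Reply",
}

def parse_slp_header(data: bytes) -> dict:
    """Decode the fixed header of one SLP message captured on port 427."""
    if len(data) < 2:
        raise ValueError("too short to be SLP")
    version, func = data[0], data[1]
    if version == 1:                       # 12-byte fixed header
        if len(data) < 12:
            raise ValueError("truncated SLP v1 header")
        length, _flags, _dialect, lang, _charset, xid = struct.unpack(
            "!HBB2sHH", data[2:12])
    elif version == 2:                     # 14 bytes plus the language tag
        if len(data) < 14:
            raise ValueError("truncated SLP v2 header")
        length = int.from_bytes(data[2:5], "big")   # 24-bit length field
        xid, lang_len = struct.unpack("!HH", data[10:14])
        lang = data[14:14 + lang_len]
        if len(lang) < lang_len:
            raise ValueError("truncated SLP v2 language tag")
    else:
        raise ValueError(f"unsupported SLP version {version}")
    return {
        "version": version,
        "function": FUNCTIONS.get(func, f"unknown ({func})"),
        "xid": xid,
        "language": lang.decode("ascii", "replace"),
        "length_ok": length == len(data),  # header length field vs. bytes seen
    }

def da_advert_versions(messages):
    """Return the SLP version of every DA Advertisement in a capture."""
    headers = (parse_slp_header(m) for m in messages)
    return [h["version"] for h in headers if h["function"] == "DA Advertisement"]

# Constructed samples, not taken from a real capture (the v1 body is 4 opaque bytes).
V1_DA_ADVERT = struct.pack("!BBHBB2sHH", 1, 8, 16, 0, 0, b"en", 3, 0x1234) + bytes(4)
V2_REQUEST = (bytes([2, 1]) + (16).to_bytes(3, "big") + bytes(5)
              + struct.pack("!HH", 0x0001, 2) + b"en")

if __name__ == "__main__":
    for msg in (V1_DA_ADVERT, V2_REQUEST):
        print(parse_slp_header(msg))
```

An empty result from `da_advert_versions` on a client-side capture means no DA reply reached the client, which points at routing or filtering between the subnets rather than at the client configuration.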
 
LVL 35

Expert Comment

by:ShineOn
ID: 13837516
That would also determine the best way to install the client.  If the previous admin was using IPX, the Asker should custom install the client with IPX-only, not IP-only.  Since the Windoze network is on a Class A private network and the NetWare box is using a Class C private network address, it's not much of a stretch to assume they were using IPX to access NetWare.  It'd be pretty stupid to use two different IP networks on the same physical segment unless you have a darn good reason, and I can't think of one.
0
 
LVL 30

Expert Comment

by:pgm554
ID: 13838316
> Now I want to add the client to other machines in the network so they have access to Novell, but when I do it seems that the XP Pro SP2 machines can't see the Novell Tree, Server or Context.

> I bet it is probably because they are on different subnets, but not sure.

Seems to me, the new XP boxes he wants to use are on a different subnet.

IP should be configured by default on the 5.1 box, so even if the old boxes are running IPX, the new ones if configured to use a DA should work.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 13838791
If the NetWare box isn't in the 192.168.111 network for a reason that anyone can find, it might be easier to change the IP address to one that fits with the rest of the network.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 13838797
If there isn't a route from the 10 network to the 192.168.111 network, SLP won't help, since the client will have a 10 network address...
0
 
LVL 30

Expert Comment

by:pgm554
ID: 13839509
It's relatively easy to add a DA to the NW box.

Changing an IP address will screw up SSL certificate services and it's a bit more complicated to fix than just adding a route to a vlan or router.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 13839869
Re-creating SSL certificates is easy.  The only issues with changing IP address are finding all the places that have that address and changing it, and running DSREPAIR to change the server object's IP address info, and re-creating the certificates.  If the only device in the 192.168.111 network is the NetWare server, it makes no sense not to.  That simplifies everything else, including having to deal with SLP multicast issues in a routed environment.
0
 
LVL 30

Expert Comment

by:pgm554
ID: 13840277
So that's easier than adding a route to a vlan or router to a novice at NW?
Sorry, but in my opinion, no it isn't.

I've done this before on 10.x networks and NW servers with a class C address and it's just a simpler, easier way.

If this were a 6.x network (they made it a whole lot easier) maybe, but on a 5.x, it's a pain. I know, I've done it.
There is a reason in the ATT training they make a point of how much easier it is to change an IP address on a 6 server as opposed to a 5.

And if he can ping the NW subnet, the DA and unicast SLP is the way to go.

So why bother with the hassle of changing a subnet?
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 13841588
I didn't say it's "easier."  I said it makes more sense.
0
 

Author Comment

by:ekriner
ID: 13842467
Hey everyone,

I am out of the office for a couple more hours this morning, so I won't be able to really get into it until later. Thanks for all the replies though! I do want to stress what I stated in my original question, "When I inherited this network some of the machines were running the Novell Client, and they have connectivity to both networks; this works like a charm." Those machines are Windows XP SP2 too. Anyway, it seems I don't need to do anything if some already have connectivity to NW & MS networks.

Thanks again everyone!
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 13842620
Just check how that connectivity is done - IPX or IP - and go with it.  Don't take the defaults on the client install.
0
