Solved

mixed network

Posted on 2011-03-11
Last Modified: 2012-06-27
I have another question that asks about this, but since I am not receiving any assistance, let me break them down into smaller questions.

We have inherited a Win Server 2003 and Terminal server.  The small office is currently two networks, a wireless one (three wired connections) through a Bellsouth DSL modem, and one in the back where three computers are connected through cat 5.  The wireless network is the 192.168.1.xxx network and uses dhcp.  The one in back is 192.168.0.xxx, no dhcp.  Basic peer to peer with a pseudo server (win7) running peachtree complete and quickbooks, and two workstations that occasionally access win7 server and mostly work off of a NAS for the main accounting.  Also have a HP Laserjet heavy duty printer connected.  The wired network is on a different workgroup than wireless network.  The two workstations in back also are connected to the wireless network, one by wireless, the other through a cat 5 run since wireless signal was flaky back there.

Now then the question.  Since we now have the win server 2003, I imagine all that wish to connect to it will have to join the domain.  One of the computers in back used to connect through vpn to the terminal server to do data entry.  Can we still use vpn over the internal network for her to communicate, or do I have to now have her join the server domain to access the server directly?  And if I do that, how will that affect my wired network in back of which she is attached?

Any suggestions as to how to proceed on this?

Thanks
Question by:jjackson2004
19 Comments
 
LVL 3

Accepted Solution

by:
tearman earned 250 total points
ID: 35109450
You can join computers to a domain over VPN and keep them operating, the question is why?

You don't NEED to join them to a domain, and your environment might be small enough that it might not even be worth it.  AD has some neat features as far as SSO goes but with systems like those, it might not even be worth it.

Ultimately, I'd probably bridge the two networks together (wireless and back office) then do a dual-WAN uplink (Cisco makes small business routers, and Astaro makes software that can do it as well) network with 2 VLANs (the wireless and the hardwired).

However, you might consider moving your wireless to the Ubiquiti UniFi system since it's cheap and offers some excellent management capabilities for you as the sysadmin.
0
 

Author Comment

by:jjackson2004
ID: 35109526
So the computers can access the server without joining the domain?

I apologize that it was not clear why I am asking this.  The current setup is working. Now we have the server and the need to access it.  That is why I was asking these questions.
0
 
LVL 4

Assisted Solution

by:DataPro
DataPro earned 250 total points
ID: 35109543
Why do you have two separate networks if you want them all to connect to the server?
You can statically assign computers in the 192.168.1.xxx network, just make sure your DHCP settings don't hand out their IP address.  This can be done by reserving an IP using their MAC address in DHCP.  If you have two networks so that the accounting computers were not on the internet and thus unprotected, you would obviously need security software added like Symantec End Point.  You will need to have enough CALs for clients that access the server, but you don't have to join the domain necessarily.  Why would you not want to join the domain?   Is the 2003 server also a terminal server?  You can just connect via RDP to the terminal server on the internal network and not need to join any domain.
0
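An added example, not part of the post above: one way to check the point about static addresses and DHCP before moving the back-office machines onto 192.168.1.xxx. It flags hand-assigned addresses that fall inside the DHCP pool without a matching MAC reservation, addresses left over from the old 192.168.0.xxx network, and duplicates. The pool range, host names and MAC addresses are constructed sample values, not taken from the thread.

```python
import ipaddress

def audit_static_hosts(subnet, pool_start, pool_end, reservations, static_hosts):
    """Flag static assignments that can collide with DHCP or with each other.

    reservations: {mac: ip} configured on the DHCP server.
    static_hosts: {name: (mac, ip)} configured by hand on each machine.
    Returns a list of (name, ip, problem) tuples in input order.
    """
    net = ipaddress.ip_network(subnet)
    lo, hi = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)
    reserved = {ipaddress.ip_address(ip): mac.lower() for mac, ip in reservations.items()}
    owner = {}      # ip -> first host seen using it
    problems = []
    for name, (mac, ip_text) in static_hosts.items():
        ip = ipaddress.ip_address(ip_text)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append((name, ip_text, "not a usable address in " + subnet))
            continue
        if ip in owner:
            problems.append((name, ip_text, "duplicates " + owner[ip]))
            continue
        owner[ip] = name
        # Inside the pool is only safe when the server reserves it for this MAC.
        if lo <= ip <= hi and reserved.get(ip) != mac.lower():
            problems.append((name, ip_text, "inside DHCP pool, no reservation for this MAC"))
    return problems

# Constructed sample data (assumed pool range, made-up names and MACs).
SUBNET = "192.168.1.0/24"
POOL = ("192.168.1.64", "192.168.1.253")
RESERVATIONS = {"00:11:22:33:44:02": "192.168.1.100"}
STATIC_HOSTS = {
    "acct-ws1": ("00:11:22:33:44:01", "192.168.1.10"),      # below the pool: fine
    "acct-ws2": ("00:11:22:33:44:02", "192.168.1.100"),     # in pool, reserved: fine
    "win7-server": ("00:11:22:33:44:03", "192.168.1.120"),  # in pool, unreserved
    "laserjet": ("00:11:22:33:44:04", "192.168.0.50"),      # still on the old network
    "nas": ("00:11:22:33:44:05", "192.168.1.10"),           # same address as acct-ws1
}

if __name__ == "__main__":
    for name, ip, problem in audit_static_hosts(SUBNET, *POOL, RESERVATIONS, STATIC_HOSTS):
        print(f"{name:12} {ip:15} {problem}")
```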
 
LVL 3

Expert Comment

by:tearman
ID: 35109547
There really isn't much of a reason to have them on a domain unless you want SSO.  I have a set up for a small business that uses Exchange and file systems off of a set of systems with the end client machines NOT joined to the domain (even though a domain exists for Exchange).

Frankly with all the nuances of Group Policy, I'd avoid it until you got a lot more comfortable with it and had a reason to go forward there.
0
 

Author Comment

by:jjackson2004
ID: 35109554
Maybe AD is much better these days, but back in the old days when it came out, it was not fun to work with and I avoided it whenever possible.  But then again, I was a Novell person so that could also have been why as well.
0
 

Author Comment

by:jjackson2004
ID: 35109562
Ok, how would you set it up?  (What is sso?)
0
 
LVL 3

Expert Comment

by:tearman
ID: 35109569
AD hasn't improved a whole lot over the years.  It's gotten some nice new features (like GP recycle bins in AD2008), but it's still the gift that keeps on giving (REALLY easy to mess something up very badly).
0
 
LVL 4

Expert Comment

by:DataPro
ID: 35109574
Yes you can access the server without joining the domain.
0
 
LVL 3

Expert Comment

by:tearman
ID: 35109585
SSO = Single Sign-On.  If you WANT to set it up, assign the Domain Controller role to a server, then go through that process.  It'll install a BUNCH of roles (like DNS).  THEN you have to point your DNS on your DHCP server on the alternate network to your domain controller, then tell every individual machine, instead of working on a workgroup, to work off a domain (whatever you choose it to be).
0
 
LVL 4

Expert Comment

by:DataPro
ID: 35109610
Just connect them all to the same network 192.168.1.xxx.

Then have the user names and passwords match on the server and computer you will use as workgroup.  Since you aren't using a domain for those computers, you will use local logon.
0
 

Author Comment

by:jjackson2004
ID: 35109631
I would prefer to do this with as little work on the server as possible.  If I could get the server and terminal server set up at this new location (it was at a different office before), it would be great.  The dream is that I can just connect them back up, and then figure out how to tell terminal server that it has a new static ip address to access.  I also assume that I have to open some ports on the dsl modem.  Then I will worry about the local computers that have to access it.

 If this is delving into a different question, I will copy this out to a new question.

Thanks all for prompt replies.  I am on site and stressed.
0
 
LVL 3

Expert Comment

by:tearman
ID: 35109632
But with your setup, I'd probably just bridge the two networks together to two separate VLANs, and run ethernet to as many boxes as possible, then switch to Ubiquiti's UniFi wireless system where you can't.  Use Astaro Small Business Edition for your router.  Life would be much easier that way.  pGina is an open source project to replace ActiveDirectory's built-in mechanism on each machine if you NEED SSO across machines but not necessarily with all the nuances of AD.
0
 

Author Comment

by:jjackson2004
ID: 35109988
I have not dealt with servers since wireless became so prevalent.  Can you connect to the windows server through wireless without a problem?  I notice that you keep referring to Ubiquiti's system, so I am assuming that there is a problem trying to connect to the domain over wireless.

Also, anyone familiar with dell powerconnect switches?  The picture has it and I cannot read the whole model number, it appears to be *724?  Anyway, each server has two ethernet connections and they are all connected to the powerconnect, but one of each is plugged into the rightmost ports, which have a line around them as if they are segregated somehow.  Otherwise, it would seem to cause a problem to have both ethernet cables plugged into same switch.
0
 
LVL 4

Expert Comment

by:DataPro
ID: 35110122
The servers may have both ethernet connections going into one switch.  The Power Connect switch should be a 24-port smart switch.  In which the connections may have settings for port 24 involving the server.  You can connect to the server via wireless, if you have a wireless access point or wireless router on the network with the servers.  Do not attach a wireless adapter to the server.
0
 
LVL 4

Expert Comment

by:DataPro
ID: 35110148
Here is a link to the power connect 2724 Gigabit network switch online PDF manual:

http://support.dell.com/support/edocs/network/pc27xx/en/ug/PDF/UG_ENd.pdf

This will tell you how to logon and configure the switch.
0
 
LVL 4

Expert Comment

by:DataPro
ID: 35110163
What is controlling your DHCP currently on the network that contains the domain controller?
0
 

Author Comment

by:jjackson2004
ID: 35110192
The bellsouth dsl modem is wireless also.  So you are saying that they can use that to connect to the server?

Why would a server have two ethernet connections going into same switch?  Seems redundant.  Looked up port 24 and it appears to be involved with mail, which is not a concern of ours at this time.
0
 
LVL 4

Expert Comment

by:DataPro
ID: 35110225
When you say port 24 is involved with mail are you referring to firewall ports or physical ports on switch?
0
 
LVL 4

Expert Comment

by:DataPro
ID: 35110238
Depending on how the server and switch are configured, the second ethernet cable may be joined to work as one cable, or as fail over connection (Redundant).
0
