| blob | ec431d287020468dc2e3ab0e99cd069b2d77a94c |
1 <?xml version="1.0" encoding="iso-8859-1"?>
2 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" [
4 <!ENTITY % global_entities SYSTEM '../entities/global.entities'>
5 %global_entities;
6 ]>
8 <chapter id="ClientConfig">
9 <chapterinfo>
10 &author.jht;
11 </chapterinfo>
13 <title>MS Windows Network Configuration Guide</title>
15 <sect1>
16 <title>Features and Benefits</title>
18 <para>
19 Occasionally network administrators will report difficulty getting Microsoft Windows clients to interoperate
20 correctly with Samba servers. It would appear that some folks just can not accept the fact that the right way
21 to configure MS Windows network client is precisely as one would do when using Microsoft Windows NT4 or 200x
22 servers. Yet there is repetitious need to provide detailed Windows client configuration instructions.
23 </para>
25 <para>
26 The purpose of this chapter is to graphically illustrate MS Windows client configuration for the most common
27 critical aspects of such configuration. An experienced network administrator will not be interested in the
28 details of this chapter.
29 </para>
31 </sect1>
33 <sect1>
34 <title>Technical Details</title>
36 <para>
37 This chapter discusses TCP/IP protocol configuration as well as network membership for the platforms
38 that are in common use today. These are:
39 </para>
41 <itemizedlist>
42 <listitem><para>
43 Microsoft Windows XP Professional.
44 </para></listitem>
45 <listitem><para>
46 Windows 2000 Professional.
47 </para></listitem>
48 <listitem><para>
49 Windows Millennium edition (Me).
50 </para></listitem>
51 </itemizedlist>
53 <sect2>
54 <title>TCP/IP Configuration</title>
56 <para>
57 The builder of a house must ensure that all construction takes place on a firm foundation.
58 The same is true of TCP/IP-based networking. Fundamental network configuration problems
59 will plague all network users until they are resolved.
60 </para>
62 <para>
63 Microsoft Windows workstations and servers can be configured either with fixed
64 IP addresses or via DHCP. The examples that follow demonstrate the use of DHCP
65 and make only passing reference to those situations where fixed IP configuration
66 settings can be effected.
67 </para>
69 <para>
70 It is possible to use shortcuts or abbreviated keystrokes to arrive at a
71 particular configuration screen. The decision was made to base all examples in this
72 chapter on use of the <guibutton>Start</guibutton> button.
73 </para>
75 <sect3>
76 <title>MS Windows XP Professional</title>
78 <para>
79 There are two paths to the Windows XP TCP/IP configuration panel. Choose the access method that you prefer:
80 </para>
82 <para>
83 Click <guimenu>Start -> Control Panel -> Network Connections</guimenu>
84 </para>
86 <para>
87 <emphasis>Alternately,</emphasis> click <guimenu>Start -></guimenu>, and right click <guimenu>My Network Places</guimenu>
88 then select <guimenuitem>Properties</guimenuitem>
89 </para>
91 <para>
92 The following procedure steps through the Windows XP Professional TCP/IP configuration process:
93 </para>
95 <procedure>
96 <step><para>
97 On some installations the interface will be called <guimenu>Local Area Connection</guimenu> and
98 on others it will be called <guimenu>Network Bridge</guimenu>. On our system it is called <guimenu>Network Bridge</guimenu>.
99 Right click on <guimenu>Network Bridge -> Properties</guimenu>. See <link linkend="WXPP002"/>.
100 <image id="WXPP002"><imagedescription>Network Bridge Configuration.</imagedescription><imagefile>WXPP002</imagefile></image>
101 </para>
102 </step>
104 <step><para>
105 The Network Bridge Configuration, or Local Area Connection, panel is used to set TCP/IP protocol settings.
106 In <guimenuitem>This connection uses the following items:</guimenuitem> box,
107 click on <guimenu>Internet Protocol (TCP/IP)</guimenu>, then click the on <guibutton>Properties</guibutton>.
108 </para>
110 <para>
111 The default setting is DHCP enabled operation.
112 (i.e., <quote>Obtain an IP address automatically</quote>). See <link linkend="WXPP003"/>.
113 <image id="WXPP003"><imagefile>WXPP003</imagefile><imagedescription>Internet Protocol (TCP/IP) Properties.</imagedescription></image>
114 </para>
116 <para>
117 Many network administrators will want to use DHCP to configure all client TCP/IP
118 protocol stack settings. (For information on how to configure the ISC DHCP server
119 for Microsoft Windows client support see, <link linkend="DHCP"></link>.
120 </para>
122 <para>
123 If it is necessary to provide a fixed IP address, click on <quote>Use the following IP address</quote> and proceed to enter the
124 IP Address, the subnet mask, and the default gateway address in the boxes provided.
125 </para></step>
127 <step><para>
128 Click the <guibutton>Advanced</guibutton> button to proceed with TCP/IP configuration.
129 This opens a panel in which it is possible to create additional IP Addresses for this interface.
130 The technical name for the additional addresses is <emphasis>IP Aliases</emphasis>, and additionally this
131 panel permits the setting of more default gateways (routers). In most cases where DHCP is used, it will not be
132 necessary to create additional settings. See <link linkend="WXPP005"></link> to see the appearance of this panel.
133 <image id="WXPP005"><imagefile>WXPP005</imagefile><imagedescription>Advanced Network Settings</imagedescription></image>
134 </para>
136 <para>
137 Fixed settings may be required for DNS and WINS if these settings are not provided automatically via DHCP.
138 </para></step>
140 <step><para>
141 Click the <guimenu>DNS</guimenu> tab to add DNS server settings.
142 The example system uses manually configured DNS settings. When finished making changes, click the <guibutton>OK</guibutton> to commit
143 the settings. See <link linkend="WXPP014"/>.
144 <image id="WXPP014"><imagefile>WXPP014</imagefile><imagedescription>DNS Configuration.</imagedescription></image>
145 </para></step>
147 <step><para>
148 Click the <guibutton>WINS</guibutton> tab to add manual WINS server entries.
149 This step demonstrates an example system that uses manually configured WINS settings.
150 When finished making, changes click the <guibutton>OK</guibutton> to commit
151 the settings. See <link linkend="WXPP009"></link>.
152 <image id="WXPP009"><imagefile>WXPP009</imagefile><imagedescription>WINS Configuration</imagedescription></image>
153 </para></step>
154 </procedure>
156 </sect3>
158 <sect3>
159 <title>MS Windows 2000</title>
161 <para>
162 There are two paths to the Windows 2000 Professional TCP/IP configuration panel. Choose the access method that you prefer:
163 </para>
165 <para>
166 Click <guimenu>Start -> Control Panel -> Network and Dial-up Connections</guimenu>
167 </para>
169 <para>
170 <emphasis>Alternately,</emphasis> click on <guimenu>Start</guimenu>, then right click <guimenu>My Network Places</guimenu> and
171 select <guimenuitem>Properties</guimenuitem>.
172 </para>
174 <para>
175 The following procedure steps through the Windows XP Professional TCP/IP configuration process:
176 </para>
178 <procedure>
179 <step><para>
180 Right click on <guimenu>Local Area Connection</guimenu>, now click the
181 <guimenuitem>Properties</guimenuitem>. See <link linkend="w2kp001"></link>.
182 <image id="w2kp001"><imagefile>w2kp001</imagefile><imagedescription>Local Area Connection Properties.</imagedescription></image>
183 </para></step>
185 <step><para>
186 The Local Area Connection Properties is used to set TCP/IP protocol settings. Click on <guimenu>Internet Protocol (TCP/IP)</guimenu> in the
187 <guimenuitem>Components checked are used by this connection:</guimenuitem> box, then click the <guibutton>Properties</guibutton> button.
188 </para></step>
190 <step><para>
191 The default setting is DHCP enabled operation.
192 (i.e., <quote>Obtain an IP address automatically</quote>). See <link linkend="w2kp002"/>.
193 <image id="w2kp002"><imagefile>w2kp002</imagefile><imagedescription>Internet Protocol (TCP/IP) Properties.</imagedescription></image>
194 </para>
196 <para>
197 Many network administrators will want to use DHCP to configure all client TCP/IP
198 protocol stack settings. (For information on how to configure the ISC DHCP server
199 for Microsoft Windows client support, see <link linkend="DHCP"></link>.
200 </para>
202 <para>
203 If it is necessary to provide a fixed IP address, click on <quote>Use the following IP address</quote> and proceed to enter the
204 IP Address, the subnet mask, and the default gateway address in the boxes provided.
205 For this example we are assuming that all network clients will be configured using DHCP.
206 </para></step>
208 <step><para>
209 Click the <guimenu>Advanced</guimenu> button to proceed with TCP/IP configuration.
210 Refer to <link linkend="w2kp003"></link>.
211 <image id="w2kp003"><imagefile>w2kp003</imagefile><imagedescription>Advanced Network Settings.</imagedescription></image>
212 </para>
214 <para>
215 Fixed settings may be required for DNS and WINS if these settings are not provided automatically via DHCP.
216 </para></step>
218 <step><para>
219 Click the <guimenu>DNS</guimenu> tab to add DNS server settings.
220 The example system uses manually configured DNS settings. When finished making changes,
221 click on <guibutton>OK</guibutton> to commit the settings. See <link linkend="w2kp004"></link>.
222 <image id="w2kp004"><imagefile>w2kp004</imagefile><imagedescription>DNS Configuration.</imagedescription></image>
223 </para></step>
225 <step><para>
226 Click the <guibutton>WINS</guibutton> tab to add manual WINS server entries.
227 This step demonstrates an example system that uses manually configured WINS settings.
228 When finished making changes, click on <guibutton>OK</guibutton> to commit the settings.
229 See <link linkend="w2kp005"></link>.
230 <image id="w2kp005"><imagefile>w2kp005</imagefile><imagedescription>WINS Configuration.</imagedescription></image>
231 </para></step>
233 </procedure>
235 </sect3>
237 <sect3>
238 <title>MS Windows Me</title>
240 <para>
241 There are two paths to the Windows Millennium edition (Me) TCP/IP configuration panel. Choose the access method that you prefer:
242 </para>
244 <para>
245 Click <guimenu>Start -> Control Panel -> Network Connections</guimenu>
246 </para>
248 <para>
249 <emphasis>Alternately,</emphasis> click on <guimenu>Start -></guimenu>, and right click on <guimenu>My Network Places</guimenu>
250 then select <guimenuitem>Properties</guimenuitem>.
251 </para>
253 <para>
254 The following procedure steps through the Windows Me TCP/IP configuration process:
255 </para>
257 <procedure>
258 <step><para>
259 In the box labeled <guimenuitem>The following network components are installed:</guimenuitem>,
260 click on <guimenu>Internet Protocol TCP/IP</guimenu>, now click on the <guibutton>Properties</guibutton> button. See <link linkend="WME001"></link>.
261 <image id="WME001"><imagefile>WME001</imagefile><imagedescription>The Windows Me Network Configuration Panel.</imagedescription></image>
262 </para></step>
264 <step><para>
265 Many network administrators will want to use DHCP to configure all client TCP/IP
266 protocol stack settings. (For information on how to configure the ISC DHCP server
267 for Microsoft Windows client support see, <link linkend="DHCP"></link>.
268 The default setting on Microsoft Windows Me workstations is for DHCP enabled operation,
269 i.e., <guimenu>Obtain IP address automatically</guimenu> is enabled. See <link linkend="WME002"></link>.
270 <image id="WME002"><imagefile>WME002</imagefile><imagedescription>IP Address.</imagedescription></image>
271 </para>
273 <para>
274 If it is necessary to provide a fixed IP address, click on <guimenuitem>Specify an IP address</guimenuitem> and proceed to enter the
275 IP Address and the subnet mask in the boxes provided. For this example we are assuming that all network clients will be configured using DHCP.
276 </para></step>
278 <step><para>
279 Fixed settings may be required for DNS and WINS if these settings are not provided automatically via DHCP.
280 </para></step>
282 <step><para>
283 If necessary, click the <guimenu>DNS Configuration</guimenu> tab to add DNS server settings.
284 Click the <guibutton>WINS Configuration</guibutton> tab to add WINS server settings.
285 The <guimenu>Gateway</guimenu> tab allows additional gateways (router addresses) to be added to the network
286 interface settings. In most cases where DHCP is used, it will not be necessary to
287 create these manual settings.
288 </para></step>
290 <step><para>
291 The following example uses manually configured WINS settings. See <link linkend="WME005"></link>.
292 When finished making changes, click on <guibutton>OK</guibutton> to commit the settings.
293 <image id="WME005"><imagefile>WME005</imagefile><imagedescription>DNS Configuration.</imagedescription></image>
294 </para>
296 <para>
297 This is an example of a system that uses manually configured WINS settings. One situation where
298 this might apply is on a network that has a single DHCP server that provides settings for multiple
299 Windows workgroups or domains. See <link linkend="WME003"></link>.
300 <image id="WME003"><imagefile>WME003</imagefile><imagedescription>WINS Configuration.</imagedescription></image>
301 </para></step>
302 </procedure>
305 </sect3>
307 </sect2>
309 <sect2>
310 <title>Joining a Domain: Windows 2000/XP Professional</title>
312 <para>
313 Microsoft Windows NT/200x/XP Professional platforms can participate in Domain Security.
314 This section steps through the process for making a Windows 200x/XP Professional machine a
315 member of a Domain Security environment. It should be noted that this process is identical
316 when joining a domain that is controlled by Windows NT4/200x as well as a Samba PDC.
317 </para>
319 <procedure>
320 <step><para>
321 Click <guimenu>Start</guimenu>.
322 </para></step>
324 <step><para>
325 Right click <guimenu>My Computer</guimenu>, then select <guimenuitem>Properties</guimenuitem>.
326 </para></step>
328 <step><para>
329 The opening panel is the same one that can be reached by clicking <guimenu>System</guimenu> on the Control Panel.
330 See <link linkend="wxpp001"></link>.
331 <image id="wxpp001"><imagefile>wxpp001</imagefile><imagedescription>The General Panel.</imagedescription></image>
332 </para></step>
334 <step><para>
335 Click the <guimenu>Computer Name</guimenu> tab.
336 This panel shows the <guimenuitem>Computer Description</guimenuitem>, the <guimenuitem>Full computer name</guimenuitem>,
337 and the <guimenuitem>Workgroup</guimenuitem> or <guimenuitem>Domain name</guimenuitem>.
338 </para>
340 <para>
341 Clicking the <guimenu>Network ID</guimenu> button will launch the configuration wizard. Do not use this with
342 Samba-3. If you wish to change the computer name, join or leave the domain, click the <guimenu>Change</guimenu> button.
343 See <link linkend="wxpp004"></link>.
344 <image id="wxpp004"><imagefile>wxpp004</imagefile><imagedescription>The Computer Name Panel.</imagedescription></image>
345 </para></step>
347 <step><para>
348 Click on <guimenu>Change</guimenu>. This panel shows that our example machine (TEMPTATION) is in a workgroup called WORKGROUP.
349 We will join the domain called MIDEARTH. See <link linkend="wxpp006"></link>.
350 <image id="wxpp006"><imagefile>wxpp006</imagefile><imagedescription>The Computer Name Changes Panel.</imagedescription></image>
351 </para></step>
353 <step><para>
354 Enter the name <guimenu>MIDEARTH</guimenu> in the field below the Domain radio button.
355 </para>
357 <para>
358 This panel shows that our example machine (TEMPTATION) is set to join the domain called MIDEARTH. See <link linkend="wxpp007"></link>.
359 <image id="wxpp007"><imagefile>wxpp007</imagefile><imagedescription>The Computer Name Changes Panel &smbmdash; Domain MIDEARTH.</imagedescription></image>
360 </para></step>
362 <step><para>
363 Now click the <guimenu>OK</guimenu> button. A dialog box should appear to allow you to provide the credentials (username and password)
364 of a Domain administrative account that has the rights to add machines to the Domain.
365 </para>
367 <para>
368 Enter the name <quote>root</quote> and the root password from your Samba-3 server. See <link linkend="wxpp008"></link>.
369 <image id="wxpp008"><imagefile>wxpp008</imagefile><imagedescription>Computer Name Changes &smbmdash; User name and Password Panel.</imagedescription></image>
370 </para></step>
372 <step><para>
373 Click on <guimenu>OK</guimenu>.
374 </para>
376 <para>
377 The <quote>Welcome to the MIDEARTH domain.</quote> dialog box should appear. At this point the machine must be rebooted.
378 Joining the domain is now complete.
379 </para></step>
381 </procedure>
383 </sect2>
385 <sect2>
386 <title>Domain Logon Configuration: Windows 9x/Me</title>
388 <para>
389 We follow the convention used by most in saying that Windows 9x/Me machines can participate in Domain logons. The truth is
390 that these platforms can use only the LanManager network logon protocols.
391 </para>
393 <note><para>
394 Windows XP Home edition cannot participate in Domain or LanManager network logons.
395 </para></note>
397 <procedure>
398 <step><para>
399 Right click on the <guimenu>Network Neighborhood</guimenu> icon.
400 </para></step>
402 <step><para>
403 The Network Configuration Panel allows all common network settings to be changed.
404 See <link linkend="WME009"></link>.
405 <image id="WME009"><imagefile>WME009</imagefile><imagedescription>The Network Panel.</imagedescription></image>
406 </para>
408 <para>
409 Make sure that the <guimenu>Client for Microsoft Networks</guimenu> driver is installed as shown.
410 Click on the <guimenu>Client for Microsoft Networks</guimenu> entry in <guimenu>The following network
411 components are installed:</guimenu> box. Then click the <guibutton>Properties</guibutton> button.
412 </para></step>
414 <step><para>
415 The Client for Microsoft Networks Properties panel is the correct location to configure network logon
416 settings. See <link linkend="WME010"></link>.
417 <image id="WME010"><imagefile>WME010</imagefile><imagedescription>Client for Microsoft Networks Properties Panel.</imagedescription></image>
418 </para>
420 <para>
421 Enter the Windows NT domain name, check the <guimenu>Log on to Windows NT domain</guimenu> box,
422 click <guimenu>OK</guimenu>.
423 </para></step>
425 <step><para>
426 Click on the <guimenu>Identification</guimenu> button. This is the location at which the workgroup
427 (domain) name and the machine name (computer name) need to be set. See <link linkend="WME013"></link>.
428 <image id="WME013"><imagefile>WME013</imagefile><imagedescription>Identification Panel.</imagedescription></image>
429 </para></step>
431 <step><para>
432 Now click the <guimenu>Access Control</guimenu> button. If you want to be able to assign share access
433 permissions using domain user and group accounts, it is necessary to enable
434 <guimenu>User-level access control</guimenu> as shown in this panel. See <link linkend="WME014"></link>.
435 <image id="WME014"><imagefile>WME014</imagefile><imagedescription>Identification Panel.</imagedescription></image>
436 </para></step>
438 </procedure>
440 </sect2>
442 </sect1>
444 <sect1>
445 <title>Common Errors</title>
447 <para>
448 The most common errors that can afflict Windows networking systems include:
449 </para>
451 <itemizedlist>
452 <listitem><para>Incorrect IP address.</para></listitem>
453 <listitem><para>Incorrect or inconsistent netmasks.</para></listitem>
454 <listitem><para>Incorrect router address.</para></listitem>
455 <listitem><para>Incorrect DNS server address.</para></listitem>
456 <listitem><para>Incorrect WINS server address.</para></listitem>
457 <listitem><para>Use of a Network Scope setting &smbmdash; watch out for this one!</para></listitem>
458 </itemizedlist>
460 <para>
461 The most common reasons for which a Windows NT/200x/XP Professional client cannot join the Samba controlled domain are:
462 </para>
464 <itemizedlist>
465 <listitem><para>&smb.conf; does not have correct <smbconfoption><name>add machine script</name></smbconfoption> settings.</para></listitem>
466 <listitem><para><quote>root</quote> account is not in password backend database.</para></listitem>
467 <listitem><para>Attempt to use a user account instead of the <quote>root</quote> account to join a machine to the domain.</para></listitem>
468 <listitem><para>Open connections from the workstation to the server.</para></listitem>
469 <listitem><para>Firewall or filter configurations in place on either the client or on the Samba server.</para></listitem>
470 </itemizedlist>
472 </sect1>
474 </chapter>