Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Howdy,
I am currently upgrading a small public school district's Novell setup. They have 4 4.11 file servers with TCP/IP and NW/IP installed and one NW4.11 machine running DNS and as the primary DSS & NW/IP machine.
Their full-time tech. admin wants me to find a way to assign a specific IP address to each specific user (students & teachers). I have a full dB setup of all the users and their properties so I can re-populate the NDS tree from scratch if needed (in fact, we plan to do that to clean the tree and cycle the graduates out)
I just can't find a way for the life of me to assign a specific IP to each user.
We 10.173.0.0 - 10.178.255.255 assigned to this project, so the address themselves is not a problem. I would prefer using DHCP, but son't think thats even possible since the users use differant machines. We have Win 95-XP in district, mainly 98 & XP.
Any suggestion?
Thanks,
Ruscal
IP addresses are assigned to machines, not users. It doesn't matter if you are using Win 9X or XP, you assign static IP addresses to machines, not people. Furthermore, IP addresses are not portable, they don't "travel with" the user in the event that a particular user logs in using different machines. The admin's request is unreasonable. The only way this could work is if each user, regardless of who or where they are, always uses the same machine to log in to the network. Then, in effect, you have assigned "them" the IP address even though it is the machine with the address. Does your admin understand that an IP address is typically not a property of the user account?
Another solution that's less likely than the first is to teach all the users how to change the IP addresses of machines they are using so that they will alter the IP information for each individual client machine they sit at. Again, an unlikely scenario. Finally, there's the possibility that all users have lap tops with static IPs assigned. Then all they have to do is plug in to a data jack anywhere on the appropriate subnet.
0 
G'Day again,
Thanks for your input Mark.
Both the tech. admin and I know full well the technical aspects of IP assignment, the fact that IPs are assigned to machines and not users, and the fact that we don't even want the majority of the users accessing TCP/IP properties.
The trick we are looking for here is within Novell. I just noticed I didn't mention this, but I have seen this before. It was a small company running nothing but 2000's on a NW 4.11 NDS enviroment. (Perhaps 50 workstations at the most) The only thing I can figure was that a script was run upon login that changed the IP in registry and forced the OS to re-read its settings. Either that, or faked the MAC address via registry handlers, and renewed a DHCP lease. Since that company no longer exitst and their tech guy is still in Iraq I can't get a hold of it from them.
So ...once again... is there a way that anyone can think of that might allow this, and would it be possible to implement on this school network (1250-connections lisscensed)?
I personally belive that scripting is the way to go, but thats not my high ground, much less registry settings on win boxes.
Thanks,
RuscalPS - Mark, I'm sorry about the confusion. Like I said, we understand IP addressing, its the scripting we need help with.
0
This seems somewhat impractical, but it can be done with a fair bit of work (I'm not sure about win9x, but it can be done in NT/2000/XP).
May I ask WHY it is so important to assign a specific IP to a particular user? Is it for logging/security reasons? For profiles?
If it is for profiles, there is a MUCH MUCH easier way. If it is for security, then I would suggest that you can simply audit the connection logs or the entire network (causes some slowdowns) to varying degrees to log what users are doing. But, with some planning and well planned restrictions, you can remove virtually all threats from your network users.
Reply to this post or feel free to email me at abacchus@telus.net
Cheers :)
0
The basics of the procedure is for security reasons, but not as most of us think. As tech people, we see security issues as threats to the optimal operation of our systems. But this is for a public school in Texas. Im not sure on all the laws (the state has a few of its own) but there are a few such as CIPA (the Children's Internet Protecton Act, at least I think thats it) where we have to be able to account for every thing each student accesses. Now we have each machine with a static IP, and we can find the machine that accessed questoinable content and then track what user was logged in at that time. But this is getting more difficult as we upgrade systems. The teachers and campus officials have the insane idea that they can move the equipment and not tell anyone. So when we go looking for the Dell box with x.y.z.t IP address that is supposed to be in 401 and find nothing but Compaq machines, none of which have that IP, it gets difficult.
The idea was that from the logs on our filters, traffic shapers, and firewalls we could directly associate an IP with a user, but without restricting everybody to a specific workstation.
I hope that came out right, but I"ve been working on this project so long, its all starting to sound the same. As I said before, this is a *big* "like to" situtation, and not a requirement. But it would make the state agencies that give us over 70% of our technology funding a little happier, if you catch my drift.
Ruscal
--Welcome to public schools, its like hyper-space and the 5th-Dimension... things don't always make sense, or even follow the laws of nature, they just have to work..sorta--
0
Hey, just a thought... and I'm not sure if it'll work, but you'll tell me, right :)
What if you make a script/batchfile to reset the TCP/IP hostname to the user's login. The key would be
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
string: Hostname
Since the DHCP logs note the hostname, IP address & lease times, you should be able to tell when a user logs in and, using the time, reconstruct which sites that particular user visited from your IP logs.
I know this isn't very elegant, but maybe it's a workaround...
I'll keep looking if I have some spare time this week -- good luck :)
0
i know this is not a linux forum but if your firewall runs on linux try getting linux to authincate any internet access by username using nds as reference point to a valid user and password and keep loggs of this internet access ie username, site, time and machine ip
0
Thank you both for you input. A, I think thats worth a valliant try, so I'll give it a shot, probab this weekend. Don't worry, I'll leave results here. And thank you too beama, but unfortunatly I don't have a *nix server in the lot. Every server in this district is NW with the exception of one NT machine that they have some sort of telnet based records administration program on, and they are phasing that one out.
Thanks
Ruscal
0
IP numbers are not the way to go. They are not designed for that purpose and can be ephemeral.
There are a variety of other methods that track the *user* rather than the workstation.
e.g.
A method we use is a simple database triggered by the user's login script.
It records the workstation IP, workstation name, User name, class, time (it could also give the MAC # if you need it).Within seconds I can determine who used a workstation and when.
Cross referenced to a search for *.lnk in student folders and our Bordermanager logs allows us to pinpoint what files were accessed in Office apps and what Internet sites were visited at what time by what student account on which workstation.
Using PCounter we can also check what documents were printed.You could also use less convenient Novel accounting.
see the following...
http://www.novell.com/coolsolutions/gov/features/trenches/tr_access_log2_gov.htmlhttp://www.novell.com/coolsolutions/gov/features/trenches/tr_access_log_gov.html
Geoff Taylor
0
Nortel Contivity VPN (Virtual Private Network) would allow you to assign an IP address to each and every user. Problem is, it costs a fortune.
In case you don't know how it works;
Block out the internet ports by using Contivity, make the students have to login to contivity through the gina in order to access internet. Just stick the .exe in the 'startup' folder or however you want to do it, it will then load and they will have to enter their user names and passwords, or you could install Novell SecureLogin to pass their credentials automatically, and they are then assigned static IP addresses that never change. I don't know if this is feasible in your case, but it would work.goodluck.
0
Howdy,
I want to thank all of you for your help and wonderful ideas on this project.
As it sits, I am beginging to assemble a dynamic SQL dB and PHP based web app to maintain the data about logins and their associated users. Then we are going to go with the basic idea Geoff showed us from the Goverment "Cool Solutions" page on the Novell site. I am already done with the logic on a program that will report IP, Novell User Name, and MAC address back to the dB which will associate times with it.
I plan to write this program in a .NET enviroment (most likly VB.net because I have more experience with VB than C). When its complete I'll post a link to the compiled app as well as the source here, and e-mail those of you who have asked for a solution when I found one.
Thanks again for all your help,
Ruscal
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
