Chapter 7: Network Services - 12 Questions

Question 1

What is the relationship between clients and servers as it relates to network service access?

Answer 1

Client software accesses network services provided by server software. The connection is established using a common network protocol known by both the client and server software. Thus, the client and server software can be from different sources.

Question 2

What is the relationship between a network service and a network port?

Answer 2

Network services are established with a common network protocol. The protocol specifies which TCP or UDP port number to use for communications.

Question 3

What two dynamic network service discovery protocols does Lion support?

Answer 3

Lion supports Bonjour and Server Message Block (SMB), including support for legacy Network Basic Input/Output and Windows Internet Naming Service (NetBIOS and WINS) dynamic network service discovery protocols.

Question 4

How does Lion use dynamic network service discovery protocols to access network services?

Answer 4

Devices providing a network service advertise their availability via a dynamic network service discovery protocol. Clients that are looking for services request and receive this information to provide the user with a list of available network service choices.

Question 5

What five network file services can you connect to from the Finder’s “Connect to Server” dialog?

Answer 5

From the Finder’s “Connect to Server” dialog, you can connect to Apple File Protocol (AFP), Server Message Blocks/Common Internet File System (SMB), Network File System (NFS), Web- based Distributed Authoring and Versioning (WebDAV), and File Transfer Protocol (FTP) network file services.

Question 6

How are items inside the Finder’s Network folder populated?

Answer 6

The Finder uses information provided by the dynamic network services discovery protocols to populate the
Network folder. Computers providing services appear as resources inside the Network folder, and service discovery zones or workgroups appear as folders. Any currently connected servers also appear in the Network folder.

Question 7

What is AirDrop, and how do you know whether a specific
Mac supports it?

Answer 7

AirDrop provides a quick and easy way to share files locally over Wi-Fi. AirDrop creates a secure peer-to-peer network between local Mac computers. You can verify that a Mac supports AirDrop from the Go menu in the Finder.

Question 8

How do you provide Lion file-sharing services to other computers?

Answer 8

To provide services to other network clients, you first set the computer’s network identification, then enable the desired network file service, and finally define access to file system resources.

Question 9

How is authentication handled to a client Mac providing SMB service?

Answer 9

To support SMB authentication to a Mac client providing file- sharing services, users’ passwords must be stored in a special format that’s enabled in Sharing preferences.

Question 10

What shared items are accessible to an administrative user who connects over AFP or SMB? What about a standard user?

Answer 10

Administrators who connect to your Mac over AFP or SMB have access to any locally mounted volume. By default, standard users can access only their home folder and other users’ Public folders.

Question 11

What items are shared by default by all users?

Answer 11

By default, the items shared by all users are the local users’ Public folders inside their home folders.

Question 12

What client sharing services can Lion provide?

Answer 12

The OS X client sharing services include screen sharing, remote login, remote management, remote Apple Events, and Xgrid sharing.

Question 13

What is the security risk of enabling client sharing services?

Answer 13

If a client sharing service is compromised, an unauthorized user can control your Mac and execute unwanted applications or processes.

Question 14

How does Lion’s built-in firewall work? What advanced firewall settings are available?

Answer 14

Lion’s built-in firewall inspects each incoming network connection to determine whether it’s allowed. Connections are allowed or denied on a per-application basis. The advanced firewall settings let you control whether signed applications are automatically allowed through the firewall, control the list of allowed (or denied) applications, and enable stealth mode (which means your Mac won’t respond to any unsolicited connections).

Question 15

What are some known issues that arise when connecting to network file services?

Answer 15

Files with metadata may cause problems for NFS or WebDAV network file systems. Also, avoid AFP 2 services when they’re provided by Windows file servers.

Question 16

What are three common troubleshooting techniques for issues involving failure to connect to network services?

Answer 16

Review the Network preferences, review the Network Utility statistics, and attempt to connect to different network services.

Question 17

What is a directory as it relates to directory services?

Answer 17

A directory is a database of information that in some cases can be shared over the network. The most commonly accessed directory resource is account information.

Question 18

What are six common types of resources that Lion can access from a directory service?

Answer 18

Common directory resources that Lion can access include user accounts, user groups, computer accounts, computer groups, network file mounts, and management settings.

Question 19

What are the primary differences between local, network, and mobile accounts?

Answer 19

Local accounts are available only to a single Mac; network accounts are available to Mac computers connected to a network directory service; and mobile accounts are network accounts that are cached to the local Mac for offline use.

Question 20

What are four advantages of using network directory services to store account information?

Answer 20

Four advantages of using network directory services to store account information are: 1) user accounts are no longer tied to individual Mac computers; 2) the same user account information can be used for multiple network services; 3) you can use Kerberos to provide secure single-sign-on authentication; and 4) you can define user and computer settings from a centralized location.

Question 21

What four directory service types can be used in Lion?

Answer 21

The directory service types that can be used in Lion are Local, Network Information Systems (NIS), Lightweight Directory Access Protocol version 3 (LDAPv3), and Active Directory (AD).

Question 22

What is authentication? What is authorization?

Answer 22

Authentication is the process of proving your identity to the computer; authorization defines which items or services you can access.

Question 23

What are three common authentication methods?

Answer 23

Three common authentication methods are basic or clear-text passwords, encrypted passwords, and Kerberos ticket–based authentication.

Question 24

What is a Kerberos ticket? What is a Key Distribution Center (KDC)?

Answer 24

Kerberos tickets validate an account’s identity. Kerberos uses ticket-granting tickets (TGTs) and service tickets. Kerberos requires a special trusted service known as the KDC. In most cases, the KDC service is running alongside the network directory service.

Question 25

How do Kerberos and the keychain system differ for managing authentication services?

Answer 25

Kerberos can only be used to authenticate Kerberized services and is often managed on a network-wide scale. The keychain system can be used to save a wide variety of authentication information, but only the local Mac can access saved keychain information.

Question 26

What are five common directory services and authentication services troubleshooting techniques?

Answer 26

Common troubleshooting techniques for directory services and authentication services are: 1) attempting to authenticate with another user account; 2) resetting the account password; 3) verifying network directory service connectivity and configuration; 4) verifying Kerberos authentication and configuration; and 5) checking the directory service log files.