
Remote RAS authorization

I have an NT 3.51, 200 MHz, 128 MB RAM server with service pack 5, 4 terminal server cards made by Rocketport and Cyclades serving 80 analog modems.
I have been told I need to divide these 4 cards onto two different machines because of resource problems.

My question is, how do I have PC#2 look to PC#1 for RAS authorization? Also do I have to re-format my current PC which is configured as a server and change it to a domain server? (It will be the one with the user database).

Is the PC that has the RAS user database supposed to be the primary domain and the second PC without the database the secondary domain? What steps do I go through to set up the computers to be a domain server and how do I tell PC#2 to look to PC#1 for user name and password authorization?

Please be elementary in your answer, I am dumb.... <g>
Example...
Step one, do this
Step two, do that
Step three, do this and that....

Thanks in advance...
 
cer Commented:
You set up PC#1 as PDC (primary domain controller)
PC#2 is a server that joins the domain (it is NOT a domain on its own).
Now #1 and #2 act as one and #2 automatically asks #1 for authentication.
I was told that, to avoid problems in the future, it is better to reinstall #1 as PDC and not to upgrade it. I am not sure if this is true. I think upgrading must be possible in the Server Manager or somewhere else in the control panel.

Sorry I have no steps for dumb users. Please try on your own first.

 
jmataso Commented:
You cannot upgrade from a Workstation to a Domain Controller (or from a domain server to a domain controller).  You need to reinstall, see my answer to the 4/8/97 question titled "Trust Relationships" for more information on why.

The simplest solution is to create a domain (with either machine) and set it up with your accounts for RAS.  The second machine can either be a Backup Domain Controller or a Domain Server.  If it is a BDC, it will be able to authenticate even if the other machine is down, otherwise it will be down whenever the PDC goes down (for new connections).

Your steps in this process should probably be as follows (I am assuming you are going to format PC#1):

-Copy down your account info from PC#1 (to paper)
-Reinstall PC#1 as PDC (w/ RAS)
-Reenter account info from paper (you will probably have some
 upset users at their accounts being reset, but it can't be
 avoided)
-Manually transfer the accounts from PC#2 to PC#1 (essentially
 the same process you did above, only you may not need to write
 them down on paper.  Once again, you may have some upset users).
-Now, optionally, you can reinstall the second server as a BDC.

--->John
email:  john.matasovsky@bigfoot.com
 
alpha (Author) Commented:
I do use the server for dialup RAS and I have over 1000 customers,
that's a lot of retyping. After I reformat the server and change it to a
PDC, isn't there a way to just restore my "SAM" RAS user database
without restoring the other registry keys and messing the whole thing
up?
Can I then put two terminal server cards in this PDC and put two other
terminal server cards in my BDC and they both work? Does it matter that
my BDC will be 3.51 and the PDC will be version 4.0?
 
jmataso Commented:
Alpha sent me this comment via e-mail, and so I am posting it, as well as my response here on-line:
------
I would like to ask you just one simple followup question if you don't mind.

I do use the server for dialup RAS and I have over 1000 customers, that's a lot of retyping. After I reformat the server and change it to a PDC, isn't there a way to just restore my "SAM" RAS user database without restoring the other registry keys and messing the whole thing up?

Can I then put two terminal server cards in this PDC and put two other terminal server cards in my BDC and they both work? Does it matter that my BDC will be 3.51 and the PDC will be version 4.0?

-----
1000+ users does pose a problem.  I was wondering if both of your machines are currently up and running, or if only the first of the two is up?  What I am concerned about is where your accounts are located.  Once you have things merged into a single domain, the same accounts can be used from all of your RAS servers, but until that point you may get stuck retyping.

As far as restoring your old SAM, I am fairly certain that the SAM DB CANNOT be restored, as it does not just contain user accounts, it also contains accounts for machines in the domain, trust relationships, etc. that would get blown out of the water by a restore.  To be honest, I am not entirely sure either that the machine would work after doing that, or how things would work.  It is definitely NOT supported by MS support (if you get that far).

Once the migration is done, you can string up as many different NT servers w/ modems attached as you like and set all of them to authenticate with the domain.  Any user account on the domain can then login through any of the servers (so you can have them all on a common rollover, if you want).  I just want to clarify one point, in that you mention "terminal server cards with modems attached", by this I assume you mean multiple serial port cards with modems hanging off of them (of a Digiboard-ish nature).  If you are talking about a different sort of technology, let me know.

As far as I know, there shouldn't be any problems with different versions of NT for the domain controllers.  Several other people that I know are doing it at their sites, and they aren't having any problems.

Back to the question of retyping, I know there are some utilities in the resource kit that allow for automated entry of large numbers of accounts from a text-file format, but I am not sure about dumping a SAM to disk and then reloading.  That might be a good place to start looking for that info.  Unfortunately, I am not sure you will be able to get around it.  Sorry I can't be of more help on that point.

--->John
email:  john.matasovsky@bigfoot.com

 
alpha (Author) Commented:
I have two NT servers; one is sitting there as an emergency hardware backup PC. The main server is a 3.51, server pack 5, dual CPU, 128MB RAM system. Both systems are currently set up as servers and not PDCs or BDCs.
It only recognizes one CPU, but that's another story...

I am using RocketPort and Cyclades terminal server cards which are multiport serial cards attached to 80 analog modems.
(It's a mess and digital is coming).
According to what you are saying, I need to do a backup, reformat the dual CPU server and configure it as a PDC (I will use version 4.0) and then put two cards in it and two cards in my backup PC which is currently configured as a server and not a BDC. It's my understanding that the server (version 3.51) will connect to my dual CPU PDC and use that SAM database on the PDC for authentication. I assume I have to go into the "network" settings and tell it to look at the dual CPU PDC for authentication.
It sounds like I am ready to go. I can either keep PC#2 as a v3.51 server or change it to a BDC and it will work either way, right?
The only problem now is figuring out how to import just the SAM database.
Thanks for all your help.

 
jmataso Commented:
No problem.  Like I said, you might start with the ResKit, as it has a utility for bulk loading accounts from a file, it may also have one for dumping info to a file.

One other thought, you can transition over time as follows:

You make the backup server your PDC and add the currently active server to that domain.  You now begin the migration of accounts over in groups to the domain (users can still login through the old server in the interim).  This way, you will not have as big a problem of immediately having to switch the accounts over.  One note is that I am not sure how the users will have to specify what account they want to use when they are logging in (if they are using a non-MS dialer).  When authenticating through the server to the domain, they may need to specify a username of the following format:  <DOMAIN>\<USERNAME> for the server to recognize that they are specifying a domain account.  When the server is a BDC, that would not be necessary, as it will default to checking its local SAM, and find them.

--->John
email:  john.matasovsky@bigfoot.com
 
alpha (Author) Commented:
Great idea! Thanks again!