Solved

Implementing single-signon with Notes/WinNT

Posted on 1998-11-30
7
346 Views
Last Modified: 2013-12-18
Our users currently have independant Notes accounts (a separate username/password for Notes, in addition to their Windows Networking accounts).  We'd like to implement single-signon, so that Notes accepts its authentication from NT.  Has anyone done this?  (Notes server OS is Win NT 4.0, clients are 95 and NT now, will be all NT in near future.  Notes 4.0 server, 4.5 and 4.6 clients.)

It seems that Lotus would favor account creation through Notes (which would automatically create the Network account).  This is probably acceptable for new accounts, but how would we migrate existing users to connect the existing independant accounts?

We're interested in 'Been there, done that - and watch out for THIS' info.  TIA
0
Comment
Question by:frankr
  • 4
  • 2
7 Comments
 
LVL 2

Author Comment

by:frankr
ID: 1117688
Edited text of question
0
 
LVL 2

Expert Comment

by:cwalter
ID: 1117689
I have implemented this on about 4 different domains it works well, but I have never found any tool that would syncronize everything for you. If there was such a tool then getting all authentication in one place would be mute because you could just automate the syncronization.

The most succesful way to implement this is to create and manage your accounts through notes. This is good because you have better control over who does what.

What should happen is when you get everything up and running and you choose to use Notes to create and edit accounts then Notes will create any NT accounts which are missing from NT but exist in the Name and Address book.
0
 
LVL 2

Author Comment

by:frankr
ID: 1117690
For the time being, I'm rejecting without prejudice.  If a better answer isn't forthcoming, I'll ask for a repost and accept it.  The following isn't a critique of the answer as much as it is a refinement of the question (and in many ways a critique of Lotus approach to the problem).

The daunting part of this is that we're looking for a way around the need to re-create all the NT (and Notes?) accounts.  That's not a trivial task.  The root of the problem lies in the Lotus approach to establishing the association between the accounts (i.e. at account creation time).  The events involved here (account creation, account association, and authentication) are very distinct, and SHOULDN'T be indivisible.

The Notes paradigm for this operation is poor, particularly in existing production environments.  We also use Oracle, and I've implemented this environment without having to re-create all my NT accounts.  We already had NT accounts for our users before we installed Notes (it's just another application, after all, not the OS).  Creating a Notes account and an NT account in a single operation should be an OPTION available to me, not a requirement.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Accepted Solution

by:
lawrencekoo earned 200 total points
ID: 1117691
You need to reinstall your Notes server by selecting custom installation and install the authentication support with NT (everything else preserved).  After this, whenever you goto the user manager of NT, you would get a new menu item called Lotus Notes which allowed you to create a corrsponding account for the user in Notes and vice versa.
0
 
LVL 2

Author Comment

by:frankr
ID: 1117692
Thanks, Lawrence.  Is this still an answer of the variety "you can't establish a relationship between pre-existing NT and Notes  accounts, you have to create one or the other"?  That's the impression I get from your answer, am I correct?
0
 

Expert Comment

by:lawrencekoo
ID: 1117693
Yes you are correct, you can't connect existing users of NT and Notes together, you have to either create'em from user manager or Notes, afterwards you can even synchronize the password.
0
 
LVL 2

Author Comment

by:frankr
ID: 1117694
I was afraid there wasn't a good answer to this question (at least the one I was looking for).

Thanks for responding.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For users on the Lotus Notes 8 Standard client, this article provides information on checking the Java Heap size and adjusting it to half of your system RAM in attempt to get the Lotus Notes 8.x Standard client to run faster.  I've had to exercise t…
I thought it will be a good idea to make a post as it will help in case someone else faces these issues. I trust this gives an idea how each entry in Notes.ini can mean a lot for the Domino Server to be functioning properly. This article discusses t…
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…
This is a video describing the growing solar energy use in Utah. This is a topic that greatly interests me and so I decided to produce a video about it.

937 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

3 Experts available now in Live!

Get 1:1 Help Now