• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 777
  • Last Modified:

Novell/NT Authentication

I have an NT Server running SQL 2000, and clients running Novell client on NT Workstation.

I want to use SQL's 'Windows Authentication' method, but the remote server machine does not have user accounts set up, as the clients get the user details from NDS rather than an NT domain.

How can I tell the NT server that, as the user has been authenticated by NDS at the client end, the NT server should trust the user also?

Any ideas?
0
matt_little_
Asked:
matt_little_
  • 4
  • 4
  • 2
  • +5
1 Solution
 
tdaoudCommented:

You mean without creating the same users on NT server also and be authenticated by NT???

Tarik
0
 
Toffee_FanCommented:
Well there is always the option to implement NDS for NT.
Not a quick solution thats for sure, but it does mean your user manager for domains etc will become part of the NDS.
0
 
matt_little_Author Commented:
Tarik - yes - I want the NT box to trust the fact that Novell has authticated the users without having to do it again....

Toffee_Fan - How easy is it, and how does it work.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
tdaoudCommented:

matt_little

One way is that you can create the same user names and have the same password on NT as on Novell and it will not ask you and will automatically authenticate on NT too using the same user/password entered for NDS.

Or you can setup windows 2000 machines to always login with a specific default user.

But I'm not sure if any of these solutions solves your problem if any?  Unless I'm missunderstaning your needs.

Tarik
0
 
matt_little_Author Commented:
I don't want the overhead of maintaing users on both novell and NT servers. I have over 100 users who need to use the system, and I cannot have them update passwords on NT when they do so on novell.

I think that I need to get the NT4 server to either
a) Trust the novell network (if I am authenticated to novell, that is good enough for NT)

b) Get NT server to 'hook into' NDS to check the crudentials passed from the novell client to the NT server against what is held on NDS.

Effectively, I only want to maintain users in NDS, and only have the user once (not once on NT and once on NDS), but I need the novell user to be 'accepted' by my NT server.
0
 
Toffee_FanCommented:
Well, the course I've actually been on was a two day course.  The user manual isn't that thick really.

I have not used it in a live environment though, so its difficult to say how long to implement and install.  I would imagine that you would be talking of a project time rather than just some arb software install and config.

I don't know how much it costs to buy/license.

Once its installed and configured there should be no real issues managing the accounts - especially if you know how to do admin work on both novell (nwadmin32) and NT (User Manager) etc.

The other points to check out are NDS for NT (that I used) was for novell 4.11 - not to sure about 5.0 or above.
Even novell 6 should be out soon.

Best thing to do would be to go to novell support and check out the TID's and Manuals on the subject, and take it from there.

Steve
0
 
JimBbCommented:
NDS for NT doesn't really exist anymore, it's now Novell Account Management (NAM) - but it does the same, and sounds indeed as the product to use here.  And it supports any NetWare version, including 4.x.

Jim
0
 
KarinaCCommented:
Matt have a look at the Novell web site under Single Sign On.

Novell* Single Sign-on 1.0 now supports Novell Client for Windows NT version 4.6.

There is a self-extracting download file available from the Dowload software page.  The exe. name is NTCLIENT.EXE it contains two software files:

AXCREDNT.OCX provides the integration between Novell Single Sign-on and Novell Client for Windows NT.
AXNDS.RLL displays the Single Sign-on logo on the NDS login tab whenever Single Sign-on is enabled.

Procedures for installing these files are included in the Quick Reference document (accessed through the INFORMATION button on the download page). The instructions are also located in the README.TXT file included with the download software.
0
 
tdaoudCommented:

matt_little,

I'm running a university with more than 1500 network accounts that must be maintained on both NT/2000 and Novell 4.11, in the past I searched for a solution to minimize and ease the management of accouints under NDS, I couldn't find much help.

what I'm doing now is create the Novell account and NT account through a small Visual C++ program that I developped but it eventually simply runs Novell command lines and NT/2000 command lines to create the new users.

With NT/2000 resource kit you have a command line called addusers.exe where you can add users to NT/2000 running a single command if the username and fullname are in a comma separated file.

With Novell, you have the command "uimport" where you can also manage NDS through command lines with a specific format text file for what you want to do.

With regard to changing passwords, the Novell/NT client will change passwords on both systems (when you do CTRL+ALT+DEL then change password).

Hope my expeirence with this regards helps.

Tarik
0
 
matt_little_Author Commented:
Tarik -

How will the Novell client update user's passwords in both NT and novell?

How does the Novell client know of the existence of an NT server that you have added users to with a C++ program? How does it then update the NT SAM?
0
 
matt_little_Author Commented:
Tarik -

How will the Novell client update user's passwords in both NT and novell?

How does the Novell client know of the existence of an NT server that you have added users to with a C++ program? How does it then update the NT SAM?
0
 
tdaoudCommented:

While logged in to a Windows NT workstation running Novell client (assuming being authenticated by both Novell NDs and NT) you can press CTRL+ALT+DEL and then choose "Change Password" (whenever you'd like to do so) and it will prompt you to change the password with the regular "Old password", "New Password", and "confirm Password" boxes and defaulting to changing it on both Novell/NT at that time you can (there is no need to actually) not change of the OSs password.  But the default is to change the password on both Novell and NT.

In my C++ program, or actually any other language I simply create the necessary formatted text files with the new user name and full name the way Novell wnats it and another the way NT wants it, then I invoke the DOS commands uimport (for Novell) and addusers.exe (for NT) to create the new user I'm adding to the network.  Initially the passwords will be empty and the user when first loggs in will be prompted to change his/her password (again on both OSs, Novell and NT,  by default.

Tarik
0
 
RoscoeCommented:
Matt:

Key Issue: Is the SQL server set up on its own as a standalone server? Or is it part of a domain as a Domain Controller or as a member server? The various Novell directory-enabled products have different entry points into security depending on the setup of the box, and there are slightly different tricks to implement this (or not)... Because Novell's licensing methodology is tighter than Microsoft's (and Novell respects licensing limits more than Microsoft), sorry, you won't find the equivalent of the MS Gateway for Netware product and it's single Novell user (unlimited MS users) account entry into NetWare bindery servers.

Both the new (Novell Account Management) and the older Directory-enabled versions (NDS for NT for example) set up a parallel security system by means of DLL's dropped into the NT boxes. Best part of them all is that in the products running on NT domains (and in certain cases, standalone servers), only ONE password is ever required, and account maintenance is performed on the Novell side, with updates being sent behind the scenes to the NT boxes' SAM databases. (Win2K and Active Directory are treated differently, but the effect is virtually the same - simplified maintenance via Novell tools...) The client-level password integration that Tarik talks about is primarily for local workstation account maintenance with the added bonus of easy integration into NT domains - if you've got the Novell product installed unto your NT servers, credential submission and updates occur in the background. If your setup is NOT integrated (meaning manual maintenance of multiple user lists), then at least you don't have to have the users worry about separate passwords - ASSUMING THAT YOUR ENFORCED PASSWORD CHANGES ARE THE SAME IN BOTH ENVIRONMENTS!!! (Tip: have Novell policy force password change every 45 days, users get prompted to change both passwords once every 45 days - set NT to force changes every 60 days, but users will always change before NT's expiry.) KEY USER EDUCATION POINT: train users to answer YES to client's request to change NT password at same time as Novell.) The newer client 4.80 seems to be much more quick and stable - but please test in your environment and apps....

Finally, suggested cost per seat for Novell Account Management is about $35 - your reseller may be able to get better pricing for it or the other products... key advantage to NAM is integration with Win2K's AD....

Hope this clears up some confusion... Ross
0
 
CleanupPingCommented:
matt_little_:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
ShineOnCommented:
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: Roscoe {http:#6398439}

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

ShineOn
EE Cleanup Volunteer
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

  • 4
  • 4
  • 2
  • +5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now