Solved

Novell/NT Authentication

Posted on 2001-08-07
16
757 Views
Last Modified: 2008-02-01
I have an NT Server running SQL 2000, and clients running Novell client on NT Workstation.

I want to use SQL's 'Windows Authentication' method, but the remote server machine does not have user accounts set up, as the clients get the user details from NDS rather than an NT domain.

How can I tell the NT server that, as the user has been authenticated by NDS at the client end, the NT server should trust the user also?

Any ideas?
Question by:matt_little_
16 Comments
 
LVL 3

Expert Comment

by:tdaoud
ID: 6361420

You mean without creating the same users on NT server also and be authenticated by NT???

Tarik
0
 

Expert Comment

by:Toffee_Fan
ID: 6361807
Well there is always the option to implement NDS for NT.
Not a quick solution, that's for sure, but it does mean your user manager for domains etc will become part of the NDS.
0
 

Author Comment

by:matt_little_
ID: 6363036
Tarik - yes - I want the NT box to trust the fact that Novell has authenticated the users without having to do it again....

Toffee_Fan - How easy is it, and how does it work?
0
 
LVL 3

Expert Comment

by:tdaoud
ID: 6363080

matt_little

One way is that you can create the same user names and have the same password on NT as on Novell and it will not ask you and will automatically authenticate on NT too using the same user/password entered for NDS.

Or you can set up Windows 2000 machines to always log in with a specific default user.

But I'm not sure if any of these solutions solves your problem if any?  Unless I'm misunderstanding your needs.

Tarik
0
 

Author Comment

by:matt_little_
ID: 6363798
I don't want the overhead of maintaining users on both Novell and NT servers. I have over 100 users who need to use the system, and I cannot have them update passwords on NT when they do so on Novell.

I think that I need to get the NT4 server to either
a) Trust the novell network (if I am authenticated to novell, that is good enough for NT)

b) Get NT server to 'hook into' NDS to check the credentials passed from the Novell client to the NT server against what is held on NDS.

Effectively, I only want to maintain users in NDS, and only have the user once (not once on NT and once on NDS), but I need the Novell user to be 'accepted' by my NT server.
0
 

Expert Comment

by:Toffee_Fan
ID: 6365125
Well, the course I've actually been on was a two day course.  The user manual isn't that thick really.

I have not used it in a live environment though, so it's difficult to say how long to implement and install.  I would imagine that you would be talking of a project time rather than just some arb software install and config.

I don't know how much it costs to buy/license.

Once it's installed and configured there should be no real issues managing the accounts - especially if you know how to do admin work on both Novell (nwadmin32) and NT (User Manager) etc.

The other points to check out are NDS for NT (that I used) was for Novell 4.11 - not too sure about 5.0 or above.
Even novell 6 should be out soon.

Best thing to do would be to go to novell support and check out the TID's and Manuals on the subject, and take it from there.

Steve
0
 
LVL 1

Expert Comment

by:JimBb
ID: 6365815
NDS for NT doesn't really exist anymore, it's now Novell Account Management (NAM) - but it does the same, and sounds indeed as the product to use here.  And it supports any NetWare version, including 4.x.

Jim
0
 

Expert Comment

by:KarinaC
ID: 6366251
Matt have a look at the Novell web site under Single Sign On.

Novell* Single Sign-on 1.0 now supports Novell Client for Windows NT version 4.6.

There is a self-extracting download file available from the Download software page.  The exe name is NTCLIENT.EXE; it contains two software files:

AXCREDNT.OCX provides the integration between Novell Single Sign-on and Novell Client for Windows NT.
AXNDS.RLL displays the Single Sign-on logo on the NDS login tab whenever Single Sign-on is enabled.

Procedures for installing these files are included in the Quick Reference document (accessed through the INFORMATION button on the download page). The instructions are also located in the README.TXT file included with the download software.
0
 
LVL 3

Expert Comment

by:tdaoud
ID: 6366848

matt_little,

I'm running a university with more than 1500 network accounts that must be maintained on both NT/2000 and Novell 4.11. In the past I searched for a solution to minimize and ease the management of accounts under NDS; I couldn't find much help.

What I'm doing now is create the Novell account and NT account through a small Visual C++ program that I developed, but it eventually simply runs Novell command lines and NT/2000 command lines to create the new users.

With NT/2000 resource kit you have a command line called addusers.exe where you can add users to NT/2000 running a single command if the username and fullname are in a comma separated file.

With Novell, you have the command "uimport" where you can also manage NDS through command lines with a specific format text file for what you want to do.

With regard to changing passwords, the Novell/NT client will change passwords on both systems (when you do CTRL+ALT+DEL then change password).

Hope my experience in this regard helps.

Tarik
0
 

Author Comment

by:matt_little_
ID: 6367787
Tarik -

How will the Novell client update user's passwords in both NT and novell?

How does the Novell client know of the existence of an NT server that you have added users to with a C++ program? How does it then update the NT SAM?
0
 

LVL 3

Expert Comment

by:tdaoud
ID: 6369578

While logged in to a Windows NT workstation running Novell client (assuming being authenticated by both Novell NDS and NT) you can press CTRL+ALT+DEL and then choose "Change Password" (whenever you'd like to do so) and it will prompt you to change the password with the regular "Old Password", "New Password", and "Confirm Password" boxes, defaulting to changing it on both Novell/NT. At that time you can (there is no need to, actually) not change one of the OSs' passwords.  But the default is to change the password on both Novell and NT.

In my C++ program, or actually any other language, I simply create the necessary formatted text files with the new user name and full name the way Novell wants it and another the way NT wants it, then I invoke the DOS commands uimport (for Novell) and addusers.exe (for NT) to create the new user I'm adding to the network.  Initially the passwords will be empty and the user, when first logging in, will be prompted to change his/her password (again on both OSs, Novell and NT, by default).

Tarik
0
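The dual-provisioning step described in the comment above, as an added example that is not part of the original thread or tdaoud's program: one roster produces both import files with identical credentials, and it goes beyond the post by giving each account a random one-time password instead of an empty one. The roster, the `O=EXAMPLE` context and the function names are constructed; the addusers.exe `[User]` layout and the UIMPORT control-file keywords are written from memory as assumptions and should be checked against the Resource Kit and Novell documentation.

```python
import csv, io, secrets, string

# Constructed sample roster (not from the thread): login name, full name.
ROSTER = "jsmith,John Smith\nmlee,Mary Lee\n"
ALPHABET = string.ascii_letters + string.digits

def initial_password(length=12):
    """Random one-time password so a new account never sits with an empty one."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def load_roster(text):
    """Parse 'login,full name' rows; reject duplicates and delimiter characters."""
    users, seen = [], set()
    for login, full in csv.reader(io.StringIO(text)):
        login, full = login.strip(), full.strip()
        # A comma or quote in a field would shift columns in both import files.
        if not login.isalnum() or "," in full or '"' in full:
            raise ValueError(f"unsafe roster entry: {login!r}")
        if login.lower() in seen:
            raise ValueError(f"duplicate login: {login!r}")
        seen.add(login.lower())
        users.append({"login": login, "full": full,
                      "password": initial_password()})
    return users

def addusers_file(users):
    """Assumed addusers.exe input: [User] section, eight comma-separated fields
    (name, full name, password, comment, home drive, home path, profile, script)."""
    rows = [f"{u['login']},{u['full']},{u['password']},,,,," for u in users]
    return "\r\n".join(["[User]"] + rows) + "\r\n"

def uimport_files(users, context="O=EXAMPLE"):
    """Assumed UIMPORT control file plus the matching data file."""
    control = "\r\n".join([
        "IMPORT CONTROL", f"  NAME CONTEXT={context}", "  SEPARATOR=,",
        "FIELDS", "  Name", "  Full Name", "  Password"]) + "\r\n"
    data = "".join(f"{u['login']},{u['full']},{u['password']}\r\n"
                   for u in users)
    return control, data

if __name__ == "__main__":
    accounts = load_roster(ROSTER)
    print(addusers_file(accounts))
    print("\n".join(uimport_files(accounts)))
```

Both files contain cleartext initial passwords, so they should be written to a location only the administrator can read and deleted once the imports have run.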
 
LVL 3

Accepted Solution

by:
Roscoe earned 200 total points
ID: 6398439
Matt:

Key Issue: Is the SQL server set up on its own as a standalone server? Or is it part of a domain as a Domain Controller or as a member server? The various Novell directory-enabled products have different entry points into security depending on the setup of the box, and there are slightly different tricks to implement this (or not)... Because Novell's licensing methodology is tighter than Microsoft's (and Novell respects licensing limits more than Microsoft), sorry, you won't find the equivalent of the MS Gateway for Netware product and its single Novell user (unlimited MS users) account entry into NetWare bindery servers.

Both the new (Novell Account Management) and the older Directory-enabled versions (NDS for NT for example) set up a parallel security system by means of DLLs dropped into the NT boxes. Best part of them all is that in the products running on NT domains (and in certain cases, standalone servers), only ONE password is ever required, and account maintenance is performed on the Novell side, with updates being sent behind the scenes to the NT boxes' SAM databases. (Win2K and Active Directory are treated differently, but the effect is virtually the same - simplified maintenance via Novell tools...) The client-level password integration that Tarik talks about is primarily for local workstation account maintenance with the added bonus of easy integration into NT domains - if you've got the Novell product installed onto your NT servers, credential submission and updates occur in the background. If your setup is NOT integrated (meaning manual maintenance of multiple user lists), then at least you don't have to have the users worry about separate passwords - ASSUMING THAT YOUR ENFORCED PASSWORD CHANGES ARE THE SAME IN BOTH ENVIRONMENTS!!! (Tip: have Novell policy force password change every 45 days, users get prompted to change both passwords once every 45 days - set NT to force changes every 60 days, but users will always change before NT's expiry.) KEY USER EDUCATION POINT: train users to answer YES to client's request to change NT password at same time as Novell. The newer client 4.80 seems to be much more quick and stable - but please test in your environment and apps....

Finally, suggested cost per seat for Novell Account Management is about $35 - your reseller may be able to get better pricing for it or the other products... key advantage to NAM is integration with Win2K's AD....

Hope this clears up some confusion... Ross
0
 

Expert Comment

by:CleanupPing
ID: 9156845
matt_little_:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 35

Expert Comment

by:ShineOn
ID: 9930046
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: Roscoe {http:#6398439}

Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

ShineOn
EE Cleanup Volunteer
0
