Manage a Windows 2003 server using eDirectory

Posted on 2006-04-27
Medium Priority
Last Modified: 2013-12-03
OK, the history: I have a mostly NetWare environment, version 6.0 SP4 and OES NetWare 6.5 SP5. I also have several Windows servers; however, I am only interested in one right now. I have installed eDirectory on the Win2003 server and can see the server object in ConsoleOne. I am not sure where to go from here. How do I manage/configure its resources? I click on the server icon and it's just a blank window. I know I am missing some step somewhere, but I have no idea what step or where it belongs. Any help would be great. Thanks.
Question by: BigBadFletch
LVL 17

Accepted Solution

BudDurland earned 500 total points
ID: 16558538
As far as I know, eDirectory on anything other than NetWare does not allow for management of resources such as file shares, printers, etc. It only provides identity management. Even then, with Windows, you need to use the xml-database-super-duper-decoder-ring product (DirXML and/or Novell Identity Management) to get changes to eDir to be reflected in AD or the Windows SAM file.
LVL 34

Assisted Solution

PsiCop earned 500 total points
ID: 16558581
Depends on exactly what you mean by "manage".

When you installed eDirectory and added the W2K3 box to the eDirectory tree, it simply started hosting an eDirectory replica. In and of itself, W2K3 is incapable of taking advantage of this.

You can take advantage of this in various ways, some simple, some not. The W2K3 server no longer has to contact an OES or NetWare server to access authentication information in eDirectory, for example, so if you log in to the W2K3 box using credentials held in eDirectory, there's no network traversal for that. This is perhaps the simplest advantage.

To take full advantage, however, you'll need a tool like Identity Manager to provide the bi-directional object synch between the eDirectory and Windoze worlds. IDM v2.0 and later does extend the management capabilities to shares and printers and other AD-defined network resources. IDM v3.0 was recently released and offers an impressive capability to manage multiple environments, far beyond simple user synch. DirXML is long surpassed.
LVL 35

Expert Comment

ID: 16563459
Yeah, you can't manage Windoze servers with AD, either.  The servers themselves are individually managed using that server's MMC panels.

eDirectory on OES/Linux currently only manages the OES part of the server (including NSS filesystem rights), and on NetWare only manages the parts of the server that are identity-based and directory-enabled. There are web-based tools like NoRM that give you access to server-specific settings and hardware stuff, but that stuff isn't part of eDirectory or managed by eDirectory per se. You don't have objects for a lot of those kinda things, in other words.

If you've got an object, and you can manage it, then it's covered by eDirectory for the most part.

There are always parts of servers that can only be managed on that specific server, even if it's done remotely via web tools or remote-control.

You do want to get the IM starter pack installed on your Win2K3 server so you can at least manage users & groups. All the rest, including "share" "permissions" and NTFS "permissions" and other attributes of the server that aren't in the server object, have to be managed on the server, just like you'd have to do in an AD environment.


Author Comment

ID: 16564330
OK then. I am starting to get it... (slowly). What exactly I am trying to do is... and I may be doing this the wrong way... please correct me if it sounds lame. I would like a group of people to map a shared folder on my Windows server from their container login script without having to log in to the Windows server every time. My plan was to install eDirectory on the server and manage the shared folder as if it were a NetWare volume. I don't know why I thought that; I guess I thought it was going to work like that. Anyway, so on to better things. Can I accomplish what I want to do with what I have now? Make a group on the Windows server and put all the users in the group with the same username and password, and then they would not have to double authenticate? Having to deal with the passwords not syncing unless I install and config IM??

Thanks for the information everyone... this service is the coolest!!! EE Rocks!
LVL 35

Assisted Solution

ShineOn earned 500 total points
ID: 16565965
Are you using AD or domains, or is this server a member of "workgroup" that will have local user accounts on it? How it works depends on how you set it up. It's less complicated as an admin if it's not a matter of maintaining multiple local user accounts...

If the computers will be Windoze domain member computers and the users authenticating to a Windoze domain at login, then by simply creating a group with appropriate rights and assigning the users (whose usernames and passwords match between Windoze and eDirectory) you'll have the permissions thing handled, and then it's just a matter of mapping.

The mapping should be done with a call to NET USE rather than using the Novell MAP command.

If they're all members of "workgroup" and log in as a local user, then you have to maintain that account as though it were a peer-to-peer thing - not much difference, IMHO ;) - so there's more administrative work to get it set up and keep things synched.

Assisted Solution

pspencer53 earned 500 total points
ID: 16571301
Essentially, for purposes of this discussion, eDir on a Windows Server is nothing more than an LDAP server.  The Windows file system must still be managed as a Windows resource.  

Assuming that you have an AD domain, and also that the users authenticate to AD when they log in, then all that you need to ensure is that the AD and eDir passwords are in sync. This is done using the DirXML starter pack that comes with the Novell OS.
http://www.novell.com/documentation/dirxmlstarterpack/index.html?page=/documentation/dirxmlstarterpack/jetset/data/front.html or http://www.novell.com/documentation/dirxml20/index.html

What it does is synchronize AD with eDir.  Once it is installed it is a magical thing.  If you create a new eDir user (or a new AD account) it automatically provisions the user in the other directory.  The password sync component then ensures that if the user changes their password (in either directory) it is changed in the other.

Even with this tool though, you still need to manage file system rights to the Windows shares using Windows groups. You cannot manage them in eDir.

If you do not have an AD environment, then I find that the NET USE command will still work, but you must manually maintain the Windows credentials so that they work without a prompt. I have seen some pretty imaginative login scripts (using VBS and such) that will try to hide a prompt from the user, but what it boils down to is that they must have synchronized passwords.
LVL 35

Expert Comment

ID: 16573170
It's not DirXML any more.  NW6.5/OES gives you the Identity Manager 2.0 Starter Pack. I don't know if that's been updated to allow you to use Identity Manager 3.0 in a "starter pack" format or not.

I wouldn't say "nothing more than an LDAP server" either.  There are other, non-LDAP-specific things you can do with eDirectory on any platform, including management of eDirectory-enabled applications, and the leveraging of NMAS, which is built-in to eDirectory 8.7.2 and up.

AD, however, truly is nothing more than an X.500-like kludge on top of legacy NT domains, adding transitive-trust.  Their miserable excuse for an LDAP server is an add-on that uses AD as the data store.

Author Comment

ID: 16757219
Sorry for the delay. I still am not done with this one, but I have not had a lot of time to work on it. I should be able to get back to it soon. Please don't close it yet.


Once again, sorry for the long delay.
LVL 20

Expert Comment

ID: 16828715
Any update?
