Title: PATHWORKS for OSF/1
Notice: see also NOTED::PWDOSWINV5 (PW client) & TURRIS::DIGITAL_UNIX
Moderator: CPEEDY::LONG
Created: Thu Apr 22 1993
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 1874
Total number of notes: 6870
1750.0. "NIS(YP) + PW OSF 5/6 (VIA NT PDC) ?" by CHEFS::BARRETTO () Mon Feb 17 1997 04:24
There is a product on the market from TEKTRONIX called WinDD NIS that
will integrate a Windows NT domain into a NIS environment. Therefore,
it should be possible to integrate PW OSF V5.0/V6.0 into the Windows
NT Domain.
UNIX NIS <<<<>>>> WINDOWS NT WinDD Server
^
^
^
PATHWORKS OSF V5.0/V6.0
<<<<<<<<<< PRODUCT DESCRIPTION >>>>>>>>>>>>>>>
WinDD NIS 3.0 <<<<<<<<<<
With WinDD NIS, Tektronix addresses another Unix/NT integration issue:
user account and password management. WinDD NIS reduces the amount of
time system administrators spend managing user accounts on their WinDD
servers.
NIS (Network Information System) is a Unix-based tool that establishes
a centralized database of configuration information. It allows Unix
computers to poll a master NIS server to obtain information for
booting, networking, and user account configuration. The goal of NIS is
to establish a single source of information where other computers on
the network can get the information they need. WinDD NIS extends this
Unix functionality to the world of Windows NT, allowing the WinDD
server to collect usernames and passwords from the Unix NIS computer
rather than from either the local NT system or the NT domain.
WinDD NIS allows Unix sites that have centralized their user management
with the NIS system for their Unix account management to extend this
feature to their WinDD servers, thereby avoiding duplicate
administration efforts on both NT and Unix platforms and reducing
administration time and costs. Administrators can tie their WinDD
servers to their existing NIS infrastructures to create/delete user
accounts and manage access privileges from a single system.
Windows NT's domain system performs like the NIS system to centralize
management of user accounts and passwords, using a Primary Domain
Controller (PDC), that functions like an NIS Master Server, to
synchronize all the vanilla NT servers and Backup Domain Controllers
(BDC) in the domain. When running NT in heterogeneous environments,
however, where most of the user account management has been established
and successfully administered from the Unix side with the NIS system,
the problem administrators want to avoid is replicating these efforts
on a second platform. Since there is no way to use NT's domain system
to manage the Unix environment, and since many organizations have
already implemented the NIS system, WinDD NIS is the only solution that
allows Unix/NT user account integration and synchronization.
------------------------------------------------------------------------
Requirements
WinDD NIS needs to be installed on every WinDD server that will access
the Unix NIS server for username and password verification. WinDD
servers which are not installed with the NIS product will work within
NT's domain structure but will not work properly with NIS even if other
WinDD servers in the same domain do have the NIS product.
WinDD NIS is licensed for use in WinDD environments, either on WinDD
servers or Windows NT servers. If you use a vanilla Windows NT server
as a PDC whose primary function is to manage user accounts, it is vital
that this Windows NT PDC has the NIS software on it too, in order for
the WinDD NIS system to work properly.
------------------------------------------------------------------------
Installation and configuration
The WinDD NIS software is distributed on a PC diskette and is installed
directly on the WinDD server. Double-clicking the SETUP.EXE program on
the A: drive will cause the NIS Setup program to install the software
on your hard disk and launch the NIS Options program, which allows the
administrator to set the initial and alter later NIS configurations.
The NIS Options program is available in the Administrative Tools group
and can be run (by an NT administrator) to do the following:
set the NT domain to either the local NT server or the NT domain
controller; add/select an NIS domain; set the user's home directory
(exactly as in User Manager, with variables allowed); set ypbind to an
NIS server broadcast or directly to a specific host; limit NIS login
to specified NIS groups; allow/prevent direct login to NT servers;
allow/prevent NIS password changes from NT; and enable group
synchronization.
The NIS software is automatically installed as an NT service that
performs the functionality of the Unix YPBIND program. YPBIND is the
NIS client process that puts everything together. All participants in
the NIS domain run YPBIND. When YPBIND starts, it contacts a YPSERV
process out on the network that is in the same NIS domain. When a
lookup is requested, the YPSERV process performs the lookup in its own
NIS maps, and passes the information back to the client. YPBIND will
start automatically at boot time on NIS Masters, Slaves, or clients if
an NIS domain name is defined in the /etc/defaultdomain file. If it has
a domain defined, the host will put a request for binding out on the
network. It will bind to the first YPSERV process that answers it.
The WinDD NIS product is a YPBIND client that runs on a PC app-server.
Based on what NIS server the YPBIND broadcast finds and binds to for
its information (either specifically defined by the administrator or
responding to a broadcast from the WinDD server), the username and
password entered by the user on the WinDD Server are compared with
those known by the NIS server. If they match, the user is logged on.
An administrator can stop the YPBIND service in Control Panel's
Services applet, but this will only affect a broadcast option. With NIS
YPBIND set to a specific host, stopping the YPBIND service will have no
effect. After successful installation, reboot the computer to take
effect.
WinDD NIS automatically allows groups to be synchronized between Unix
and WinDD. When a user logs on to a WinDD server, his primary and
secondary Unix groups are determined via the NIS password and group
maps. The user is automatically added to or removed from the
corresponding NT groups, with groups being automatically created if
necessary.
WinDD NIS also allows the user to change his password via the local
WinDD security tool and have that password reflected back on the NIS
server for all future logins to the WinDD server or elsewhere in his
Unix environment. With the NIS database, the user's Unix root directory
is also known to the WinDD server. With this information, the WinDD
administrator has the option to automatically mount the user's home
directory for access from the WinDD server via the WinDD NFS client.
------------------------------------------------------------------------
Logging on in a WinDD NIS environment
Once a WinDD user connects to a WinDD server with available licenses,
he will see the login screen that asks for his name, domain, and
password. In a standard WinDD environment, a user may have accounts on
different WinDD servers and within different domains. To log on to a
domain in which he has an account, the user has to select the correct
domain in the From: field on the login screen; if he selects a domain
or server that doesn't know about his account, he will be denied
access. This is where the NIS product comes in. The NIS product adds
another "domain" choice to the list.
In order to be authenticated by the NIS server, the user must select
the NIS server in the From: field. The NIS server, which is configured
by the administrator during the WinDD NIS installation, will often look
like some sort of internet address (such as solar.vnd.tek.com) or
possibly an IP address in the From: field. By selecting the NIS server,
the user's username and password on the login screen are compared to
the master values stored on the NIS server. If they match, he is
successfully logged on to the WinDD server.
------------------------------------------------------------------------
Account creation
An important part of the WinDD NIS system is that it still requires a
proper WinDD/Windows NT user account to be set up. One feature that
will cut down on administration time is NIS's ability to create WinDD
user accounts automatically.
In the past, customers who purchased WinDD (or any other form of
Windows NT) had to re-create user accounts on the NT side for every
user who needed access to the NT server. But WinDD NIS utilizes the
existing NIS system on the Unix side to avoid manually duplicating user
accounts on the NT side. It will automatically create a user account on
the WinDD Server if one does not already exist. The user, with a valid
Unix/NIS account, must log on by selecting the NIS server in the From:
field. Using information from the NIS server, the WinDD NIS product
will create the account on a configurable NT domain that is set up by
the administrator during the NIS installation. It is in this indirect
domain specified by the sys-admin where the newly created WinDD user
account is located.
One might think this would be a little difficult if the site were
actually using a Primary Domain Controller (PDC) for centralized NT
account setup, but it's no problem for our NIS feature. The NIS system
on the local WinDD Server actually talks to the PDC to set up the
account. This is the reason customers will need to install WinDD NIS on
their Windows NT PDCs.
------------------------------------------------------------------------
Administration
With WinDD NIS Support, administrators can let their existing NIS
servers automatically create unique NT accounts for users who have
never logged on to a WinDD server (providing they can successfully pass
the NIS authentication). It will even create equivalent global user
groups on the WinDD side and include the appropriate users in these
groups as well, although the WinDD administrator will have to manually
configure read/write/execute permissions for these new WinDD groups.
An administrator can even lock out authorized NIS users from the WinDD
server on a group-by-group basis.
------------------------------------------------------------------------
Password changes and account synchronization
WinDD NIS does a few things to keep the Unix and NT user accounts in
sync. First of all, if the user logs on to WinDD via the NIS server and
then changes his local WinDD server password, our NIS product actually
works with the WinDD system to change both the local (NT) password and
the NIS password to keep things synchronized. The NIS product on the
WinDD server notifies the Unix NIS server of the password change if the
user changes it from the WinDD server, and tells the user that his NIS
password has been changed. Subsequent logins to the Unix or WinDD world
will use the new password.
But what happens if the user bypasses the NIS server and logs on
directly into the server's domain? It is possible for things to get out
of sync when a user changes his local password under these
circumstances. Fortunately, NIS offers the administrator controls to
prevent this from happening. For one thing, our NIS product lets the
administrator decide if users can log on directly to the WinDD server
without going through NIS. If he chooses not to allow this capability,
the problem disappears completely. If he does choose to allow local
logins, he can still configure NIS to prevent users from changing their
local WinDD passwords if they also have NIS passwords.
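
The login-time group synchronization and group-limited NIS login described in the product text above, modelled as an added example (it is not Tektronix code and not part of the original note). It assumes NIS groups map to NT groups of the same name and that NT groups with no NIS counterpart are never touched; the function names and map contents are constructed for illustration.

```python
# Added example, not WinDD NIS code. Map contents are constructed sample data
# in the standard NIS passwd and group map formats.
PASSWD_MAP = """\
alice:x:1001:100:Alice Example:/home/alice:/bin/sh
bob:x:1002:200:Bob Example:/home/bob:/bin/sh
"""
GROUP_MAP = """\
users:*:100:
eng:*:200:bob
cad:*:300:alice,bob
"""

def parse_passwd(text):
    """user -> primary gid, from name:passwd:uid:gid:gecos:home:shell lines."""
    out = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) == 7 and f[3].isdigit():   # skip malformed entries
            out[f[0]] = int(f[3])
    return out

def parse_group(text):
    """gid -> (group name, member set), from name:passwd:gid:members lines."""
    out = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) == 4 and f[2].isdigit():
            out[int(f[2])] = (f[0], {m for m in f[3].split(",") if m})
    return out

def nis_groups(user, passwd, groups):
    """Primary group (passwd map) plus secondary groups (group map), or None."""
    if user not in passwd:
        return None
    names = {name for name, members in groups.values() if user in members}
    if passwd[user] in groups:
        names.add(groups[passwd[user]][0])
    return names

def plan_sync(user, nt_member_of, nt_existing, allowed=None):
    """NT group changes for one NIS login; None means the login is refused."""
    groups = parse_group(GROUP_MAP)
    wanted = nis_groups(user, parse_passwd(PASSWD_MAP), groups)
    if wanted is None or (allowed is not None and not wanted & allowed):
        return None                          # unknown user or outside permitted groups
    managed = {name for name, _ in groups.values()}   # only NIS-backed groups change
    return {"create": sorted(wanted - nt_existing),
            "add": sorted(wanted - nt_member_of),
            "remove": sorted((nt_member_of & managed) - wanted)}
```

Restricting removals to NIS-backed group names is what keeps an NT-only group such as Administrators out of the sync in this model.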