
Conference ranger::pwosf

Title: PATHWORKS for OSF/1
Notice: see also NOTED::PWDOSWINV5 (PW client) & TURRIS::DIGITAL_UNIX
Moderator: CPEEDY::LONG
Created: Thu Apr 22 1993
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 1874
Total number of notes: 6870

1750.0. "NIS(YP) + PW OSF 5/6 (VIA NT PDC) ?" by CHEFS::BARRETTO () Mon Feb 17 1997 07:24

    
    
    
    
    
    
    
    There is a product on the market from TEKTRONIX called WinDD NIS that 
    will integrate a Windows NT domain into a NIS environment. Therefore,
    it should be possible to integrate PW OSF V5.0/V6.0 into the Windows 
    NT Domain.
    
    UNIX NIS <<<<>>>>  WINDOWS NT WinDD Server
                               ^
                               ^
                               ^
                       PATHWORKS OSF V5.0/V6.0
    
    
    
    
    
    
    		<<<<<<<<<< PRODUCT DESCRIPTION >>>>>>>>>>>>>>>
    
    
    WinDD NIS 3.0 <<<<<<<<<<
    
    With WinDD NIS, Tektronix addresses another Unix/NT integration issue:
    user account and password management. WinDD NIS reduces the amount of
    time system administrators spend managing user accounts on their WinDD
    servers.                
    
    NIS (Network Information System) is a Unix-based tool that establishes
    a centralized database of configuration information. It allows Unix
    computers to poll a master NIS server to obtain information for
    booting, networking, and user account configuration. The goal of NIS is
    to establish a single source of information where other computers on
    the network can get the information they need. WinDD NIS extends this
    Unix functionality to the world of Windows NT, allowing the WinDD
    server to collect usernames and passwords from the Unix NIS computer
    rather than from either the local NT system or the NT domain.
    
    WinDD NIS allows Unix sites that have centralized their user management
    with the NIS system for their Unix account management to extend this
    feature to their WinDD servers, thereby avoiding duplicate
    administration efforts on both NT and Unix platforms and reducing
    administration time and costs. Administrators can tie their WinDD
    servers to their existing NIS infrastructures to create/delete user
    accounts and manage access privileges from a single system. 
    
    Windows NT's domain system performs like the NIS system to centralize
    management of user accounts and passwords, using a Primary Domain
    Controller (PDC), that functions like an NIS Master Server, to
    synchronize all the vanilla NT servers and Backup Domain Controllers
    (BDC) in the domain. When running NT in heterogeneous environments,
    however, where most of the user account management has been established
    and successfully administered from the Unix side with the NIS system,
    the problem administrators want to avoid is replicating these efforts
    on a second platform. Since there is no way to use NT's domain system
    to manage the Unix environment, and since many organizations have
    already implemented the NIS system, WinDD NIS is the only solution that
    allows Unix/NT user account integration and synchronization.
    
    
    
    
    ------------------------------------------------------------------------
    Requirements
    
    WinDD NIS needs to be installed on every WinDD server that will access
    the Unix NIS server for username and password verification. WinDD
    servers which are not installed with the NIS product will work within
    NT's domain structure but will not work properly with NIS even if other
    WinDD servers in the same domain do have the NIS product.
    
    WinDD NIS is licensed for use in WinDD environments, either on WinDD
    servers or Windows NT servers. If you use a vanilla Windows NT server
    as a PDC whose primary function is to manage user accounts, it is vital
    that this Windows NT PDC has the NIS software on it too, in order for
    the WinDD NIS system to work properly. 
    
    
    
    
    ------------------------------------------------------------------------
    Installation and configuration
    
    The WinDD NIS software is distributed on a PC diskette and is installed
    directly on the WinDD server. Double-clicking the SETUP.EXE program on
    the A: drive will cause the NIS Setup program to install the software
    on your hard disk and launch the NIS Options program, which allows the
    administrator to set the initial and alter later NIS configurations.
    The NIS Options program is available in the Administrative Tools group
    and can be run (by an NT administrator) to do the following: 
    
    
    
      - set the NT domain to either the local NT server or the NT domain
        controller;
      - add/select an NIS domain;
      - set the user's home directory (exactly as in User Manager, with
        variables allowed);
      - set ypbind to an NIS server broadcast or directly to a specific
        host;
      - limit NIS login to specified NIS groups;
      - allow/prevent direct login to NT servers;
      - allow/prevent NIS password changes from NT; and
      - enable group synchronization.
    
    The NIS software is automatically installed as an NT service that
    performs the functionality of the Unix YPBIND program. YPBIND is the
    NIS client process that puts everything together. All participants in
    the NIS domain run YPBIND. When YPBIND starts, it contacts a YPSERV
    process out on the network that is in the same NIS domain. When a
    lookup is requested, the YPSERV process performs the lookup in its own
    NIS maps, and passes the information back to the client. YPBIND will
    start automatically at boot time on NIS Masters, Slaves, or clients if
    an NIS domain name is defined in the /etc/defaultdomain file. If it has
    a domain defined, the host will put a request for binding out on the
    network. It will bind to the first YPSERV process that answers it. 
    
    The WinDD NIS product is a YPBIND client that runs on a PC app-server. 
    
    Based on what NIS server the YPBIND broadcast finds and binds to for
    its information (either specifically defined by the administrator or
    responding to a broadcast from the WinDD server), the username and
    password entered by the user on the WinDD Server are compared with
    those known by the NIS server. If they match, the user is logged on.
    
    An administrator can stop the YPBIND service in Control Panel's
    Services applet, but this will only affect a broadcast option. With NIS
    YPBIND set to a specific host, stopping the YPBIND service will have no
    effect. After successful installation, reboot the computer to take
    effect.
    
    WinDD NIS automatically allows groups to be synchronized between Unix
    and WinDD. When a user logs on to a WinDD server, his primary and
    secondary Unix groups are determined via the NIS password and group
    maps. The user is automatically added to or removed from the
    corresponding NT groups, with groups being automatically created if
    necessary.
    
    WinDD NIS also allows the user to change his password via the local
    WinDD security tool and have that password reflected back on the NIS
    server for all future logins to the WinDD server or elsewhere in his
    Unix environment. With the NIS database, the user's Unix root directory
    is also known to the WinDD server. With this information, the WinDD
    administrator has the option to automatically mount the user's home
    directory for access from the WinDD server via the WinDD NFS client.
    
    
    
    
    ------------------------------------------------------------------------
    Logging on in a WinDD NIS environment
    
    Once a WinDD user connects to a WinDD server with available licenses,
    he will see the login screen that asks for his name, domain, and
    password. In a standard WinDD environment, a user may have accounts on
    different WinDD servers and within different domains. To log on into a
    domain in which he has an account, the user has to select the correct
    domain in the From: field on the login screen; if he selects a domain
    or server that doesn't know about his account, he will be denied
    access. This is where the NIS product comes in. The NIS product adds
    another "domain" choice to the list.
    
    In order to be authenticated by the NIS server, the user must select
    the NIS server in the From: field. The NIS server, which is configured
    by the administrator during the WinDD NIS installation, will often look
    like some sort of internet address (such as solar.vnd.tek.com) or
    possibly an IP address in the From: field. By selecting the NIS server,
    the user's username and password on the login screen are compared to
    the master values stored on the NIS server. If they match, he is
    successfully logged on to the WinDD server.
    
    
    
    
    ------------------------------------------------------------------------
    Account creation
    
    An important part of the WinDD NIS system is that it still requires a
    proper WinDD/Windows NT user account to be set up. One feature that
    will cut down on administration time is NIS's ability to create WinDD
    user accounts automatically. 
    
    In the past, customers who purchased WinDD (or any other form of
    Windows NT) had to re-create user accounts on the NT side for every
    user who needed access to the NT server. But WinDD NIS utilizes the
    existing NIS system on the Unix side to avoid manually duplicating user
    accounts on the NT side. It will automatically create a user account on
    the WinDD Server if one does not already exist. The user, with a valid
    Unix/NIS account, must log on by selecting the NIS server in the From:
    field. Using information from the NIS server, the WinDD NIS product
    will create the account on a configurable NT domain that is set up by
    the administrator during the NIS installation. It is in this indirect
    domain specified by the sys-admin where the newly created WinDD user
    account is located.
    
    One might think this would be a little difficult if the site were
    actually using a Primary Domain Controller (PDC) for centralized NT
    account setup, but it's no problem for our NIS feature. The NIS system
    on the local WinDD Server actually talks to the PDC to set up the
    account. This is the reason customers will need to install WinDD NIS on
    their Windows NT PDCs.
    
    
    
    
    ------------------------------------------------------------------------
    Administration
    
    With WinDD NIS Support, administrators can let their existing NIS
    servers automatically create unique NT accounts for users who have
    never logged on to a WinDD server (providing they can successfully pass
    the NIS authentication). It will even create equivalent global user
    groups on the WinDD side and include the appropriate users in these
    groups as well, although the WinDD administrator will have to manually
    configure read/write/execute permissions for these new WinDD groups.
    
    An administrator can even lock out authorized NIS users from the WinDD
    server on a group-by-group basis.
    
    
    
    
    ------------------------------------------------------------------------
    Password changes and account synchronization
    
    WinDD NIS does a few things to keep the Unix and NT user accounts in
    sync. First of all, if the user logs on to WinDD via the NIS server and
    then changes his local WinDD server password, our NIS product actually
    works with the WinDD system to change both the local (NT) password and
    the NIS password to keep things synchronized. The NIS product on the
    WinDD server notifies the Unix NIS server of the password change if the
    user changes it from the WinDD server, and tells the user that his NIS
    password has been changed. Subsequent logins to the Unix or WinDD world
    will use the new password.
    
    But what happens if the user bypasses the NIS server and logs on
    directly into the server's domain? It is possible for things to get out
    of sync when a user changes his local password under these
    circumstances. Fortunately, NIS offers the administrator controls to
    prevent this from happening. For one thing, our NIS product lets the
    administrator decide if users can log on directly to the WinDD server
    without going through NIS. If he chooses not to allow this capability,
    the problem disappears completely. If he does choose to allow local
    logins, he can still configure NIS to prevent users from changing their
    local WinDD passwords if they also have NIS passwords. 
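
Added example, not part of the original note and not Tektronix's code: a sketch of the group synchronization and "limit NIS login to specified NIS groups" logic the product description outlines, working from the NIS password and group maps. The sample map entries, the function names, and the choice to remove a user only from NT groups that share a name with an NIS group are assumptions made for illustration.

```python
# Added illustration, not WinDD NIS code. The map lines are constructed samples
# in the passwd(5)/group(5) layout that `ypcat passwd` and `ypcat group` print.
PASSWD_MAP = """\
alice:x:1001:100:Alice Example:/home/alice:/bin/sh
bob:x:1002:200:Bob Example:/home/bob:/bin/csh
"""
GROUP_MAP = """\
users:*:100:
eng:*:200:alice,bob
cad:*:300:alice
ops:*:400:bob
"""

def parse_passwd(text):
    """Return {user: (primary_gid, home_directory)} from passwd-map lines."""
    users = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) == 7:  # skip malformed entries rather than guess at fields
            users[f[0]] = (int(f[3]), f[5])
    return users

def parse_group(text):
    """Return {gid: (group_name, members)} from group-map lines."""
    groups = {}
    for line in text.splitlines():
        f = line.split(":")
        if len(f) == 4:
            groups[int(f[2])] = (f[0], {m for m in f[3].split(",") if m})
    return groups

def unix_groups(user, users, groups):
    """Primary group (via the passwd gid) plus secondary groups (via membership)."""
    names = {name for name, members in groups.values() if user in members}
    gid = users[user][0]
    if gid in groups:
        names.add(groups[gid][0])
    return names

def plan_logon(user, current_nt_groups, allowed=None):
    """Return the NT group changes for a logon, or None if the logon is refused."""
    users, groups = parse_passwd(PASSWD_MAP), parse_group(GROUP_MAP)
    if user not in users:
        return None  # unknown to NIS
    wanted = unix_groups(user, users, groups)
    if allowed is not None and not wanted & set(allowed):
        return None  # in none of the NIS groups permitted to log on
    managed = {name for name, _ in groups.values()}  # only NIS-named groups are touched
    current = set(current_nt_groups)
    return {"add": sorted(wanted - current), "home": users[user][1],
            "remove": sorted((current & managed) - wanted)}
```

Because the resulting NT group memberships follow whatever the maps say at logon time, access on the NT side is only as trustworthy as the NIS server the client is bound to.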