3.5 About Domain Services for Windows

Novell Domain Services for Windows (DSfW) allows eDirectory users on Windows workstations to access storage on both OES servers and Windows servers by using native Windows and Active Directory authentication and file service protocols.

DSfW enables companies with Active Directory and NetIQ eDirectory deployments to achieve better coexistence between the two platforms.

  • Users can work in a pure Windows desktop environment and still take advantage of some OES back-end services and technology, without the need for a Novell Client™ or even a matching local user account on the Windows workstation.

  • Network administrators can use either Microsoft Management Console (MMC) or iManager to administer users and groups within the DSfW domain, including their access rights to Samba-enabled storage on OES servers.

For planning and implementation information, see the OES 11 SP3: Domain Services for Windows Administration Guide.

3.5.1 File Access

Figure 3-1 DSfW File Access Overview

Table 3-1 DSfW File Access

Access Methods

Authentication

File Storage Services

eDirectory and Active Directory users on Windows workstations can access files through Windows Explorer (CIFS) or Internet Explorer (WebDAV Web Folders). No Novell Client is needed on the machine.

Unlike Windows workgroup or Novell Samba, the user doesn’t need to have a matching username and password on the local workstation.

Although not shown, Novell Client users can also access files through a normal NCP connection.

For eDirectory users, file service access is controlled by authentication through the eDirectory server using common Windows authentication protocols, including Kerberos, NTLM, and SSL/TLS.

For AD users, file service access is controlled by authentication through the AD server.

On OES servers, file storage services are provided by Samba to NSS or traditional Linux file systems.

For eDirectory users, access to storage on Windows servers is available through a cross-forest trust. Access rights are granted by the AD administrator following the establishment of the cross-forest trust.

3.5.2 User Management

Figure 3-2 DSfW User Management Overview

Table 3-2 DSfW User Management

Management Tools

Users

iManager manages DSfW users like other eDirectory users.

MMC manages both AD users and DSfW users as though they were AD users.

DSfW users must have the Default Domain Password policy assigned and a valid Universal Password.

DSfW users are automatically enabled for Samba and LUM.

3.5.3 Storage Management

Figure 3-3 DSfW Storage Management Overview

Table 3-3 DSfW Storage Management

Management Tools

Storage

Network administrators use native OES and Windows storage management tools to create and manage storage devices on OES and Windows servers, respectively.

Windows management tools can also manage share access rights and POSIX file system rights on DSfW storage devices after the shares are created. They cannot create the shares or perform other device management tasks.

Storage devices on OES servers can be either NSS or traditional Linux volumes. Samba management standards apply to both volume types.