Novell Domain Services for Windows (DSfW) allows eDirectory users on Windows workstations to access storage on both OES servers and Windows servers by using native Windows and Active Directory authentication and file service protocols.
DSfW enables companies with Active Directory and NetIQ eDirectory deployments to achieve better coexistence between the two platforms.
Users can work in a pure Windows desktop environment and still take advantage of some OES back-end services and technology, without the need for a Novell Client™ or even a matching local user account on the Windows workstation.
Network administrators can use either Microsoft Management Console (MMC) or iManager to administer users and groups within the DSfW domain, including their access rights to Samba-enabled storage on OES servers.
For planning and implementation information, see the OES 11 SP3: Domain Services for Windows Administration Guide.
Figure 3-1 DSfW File Access Overview
Table 3-1 DSfW File Access
Access Methods |
Authentication |
File Storage Services |
---|---|---|
eDirectory and Active Directory users on Windows workstations can access files through Windows Explorer (CIFS) or Internet Explorer (WebDAV Web Folders). No Novell Client is needed on the machine. Unlike Windows workgroup or Novell Samba, the user doesn’t need to have a matching username and password on the local workstation. Although not shown, Novell Client users can also access files through a normal NCP connection. |
For eDirectory users, file service access is controlled by authentication through the eDirectory server using common Windows authentication protocols, including Kerberos, NTLM, and SSL/TLS. For AD users, file service access is controlled by authentication through the AD server. |
On OES servers, file storage services are provided by Samba to NSS or traditional Linux file systems. For eDirectory users, access to storage on Windows servers is available through a cross-forest trust. Access rights are granted by the AD administrator following the establishment of the cross-forest trust. |
Figure 3-2 DSfW User Management Overview
Table 3-2 DSfW User Management
Management Tools |
Users |
---|---|
iManager manages DSfW users like other eDirectory users. MMC manages both AD users and DSfW users as though they were AD users. |
DSfW users must have the Default Domain Password policy assigned and a valid Universal Password. DSfW users are automatically enabled for Samba and LUM. |
Figure 3-3 DSfW Storage Management Overview
Table 3-3 DSfW Storage Management
Management Tools |
Storage |
---|---|
Network administrators use native OES and Windows storage management tools to create and manage storage devices on OES and Windows servers, respectively. Windows management tools can also manage share access rights and POSIX file system rights on DSfW storage devices after the shares are created. They cannot create the shares or perform other device management tasks. |
Storage devices on OES servers can be either NSS or traditional Linux volumes. Samba management standards apply to both volume types. |