Domain Services for Windows: Best Practices for Windows Interoperability
Domain Services for Windows on OES11SP1
50
-
Upload
bas-penris -
Category
Software
-
view
48 -
download
0
Transcript of Domain Services for Windows on OES11SP1
Deploying Domain Services for WindowsBas Penris, Etty Hillesum Lyceum
Introduction to DSfW
• DSfW is a set of tech that allows OES to present itself as AD
• Setup non name mapped to get familiar with the technology
• Use IDM to provision users and groups
• AD trusts
• No MS-licensing
• Complicated piece of technology, a lot can go wrong
• That’s why Non-Name Mapped is a good idea
Benefits
• AD applications integrate very easily
• eDir still outperforms AD by a couple of factors
• eDir style management, got to hate MMC
• Most of it is technology known to you
Downside
• Troubleshooting can be hard
• MS points at Novell/NetIQ and vice versa
• xadcntl restart usually fixes things
• Non Name Mapped doesn’t break as much
Key components
• eDirectory!
• Kerberos Key Distribution Center
• NMAS extentions to update AD-credentials when UP is changed
• AD Provisioning Handler/DS Agent: AD security & information model, makes sure users and groups have SIDs
• Domain Services Daemon: Windows RPCs, LSA, SAM & NetLogon
• NAD Virt. Layer: Virtualises AD Inf. Mod. for LDAP
• CIFS/DDNS/NTP
Preparing
• Choose a domain name
• .local is not supported but it does work, see support.novell.com forinfo on how to configure DNS
• dsfw.yourdomain.tld or ad.yourdomain.tld or blah.yourdomain.tld
• Create glue records in your current DNS infrastructure
• Do it multiple times to get the hang of the technology
• Update
• Static IP
• /etc/resolv.conf points to 127.0.0.1
Make it easy!
• Use a VM, either in ESXi, Workstation, VirtualBox or Hyper-V
• OES11SP2
• Use pvscsi and vmxnet3 for performance
Installation
• Just select the DSfW pattern
• I always install iManager as well
• Let’s walk through the installation
Not done yet!
DSfW Server Authentication
Crontab
Windows XP
Add to domain
Authenticate
Success!
Log in
Logged in!
What’s next?
• Connect AD-enabled applications
• Fill your AD with users
• Use MMC or iManager to manage users
• Wait for OES-Next to get your NSS filesystems in there ;)
Support
• www.dsfwdude.com
• Helpful Install TIDs: https://www.novell.com/support/kb/doc.php?id=7000068
• General TIDs: https://www.novell.com/support/kb/doc.php?id=7002366
• Verify install: https://www.novell.com/support/kb/doc.php?id=7001884
• Basic Troubleshooting: https://www.novell.com/support/kb/doc.php?id=3576510
Thank you!
