|
Softpanorama
(slightly skeptical)
Open Source Software Educational Society |
May the
source be with you,
but remember the KISS principle ;-)
|
SFU as a NIS -- Active Directory bridge
NIS server is a major component of
Windows Services for Unix. The NIS
Server allows a Windows 2000 domain controller to
administer a Unix network. The Windows domain
controller uses Active Directory, while the Unix
network uses the Network Information Service (NIS).
The NIS Server component provides the translation
between these two environments.
The NIS services now support MD5 encryption.
Microsoft has also made scalability and performance
improvements and enhanced the logging functionality.
In fact, NIS now supports 64,000 users.
The NIS services have also
been integrated with another component, the
pluggable authentication module. The pluggable
authentication module allows users to maintain a
single user name and password across the two
operating systems. The module then synchronises the
password, thus ensuring that your corporate password
policy is maintained across both operating systems.
The best part of the pluggable authentication module
is that you can change passwords in Windows or Unix,
and those changes automatically replicate to the
other operating system.
A major problem in a mixed environment is the need for
different passwords on different systems. In a pure
Windows
environment, you can use the Active Directory to provide one user account and password,
creating a single sign-on (SSO) that is valid throughout
your company. In a UNIX environment, you can use NIS to
synchronize passwords across multiple UNIX machines.
However, in the past, synchronizing passwords between NT
and UNIX has been difficult.
In SFU Microsoft provides an intermediate step to
synchronize NT and UNIX passwords rather than fully
integrate NT into the UNIX NIS system. SFU
password-synchronization method works in only one
direction—SFU automatically propagates changes you make
on an NT machine to a UNIX machine. You can designate a
group of UNIX machines that will receive
the synchronized password. Passwords must comply with
the password rules you define for the NT machine,
ensuring a consistent passwords.
Notes:
- Those pages are written by people for whom English is not a
native language. Some amount of grammar and spelling errors
should be expected.
- This is a Spartan WHYFF (We Help You For Free) site. It
cannot replace the best teachers and
the
best books.
- The site contain some obsolete pages as it develops like a
living tree... Some links on older pages
are broken. Please
try to use Google, Open directory, etc. to find a replacement link
(see
HOWTO search the WEB for details).
We would appreciate if you can
mail us a correct link.
|
|
Active
Directory Integration HP-UX 11
The two are different. The Vintela product is
more comprehensive than what
comes with SFU 3.5. Vintela has a free 60-day demo so you can give it a try.
On the Vintela FAQ page they have the entry:
How does VAS compare with SFU?
SFU includes a number of features, one of which, its ability to act as an
NIS server, is another approach to achieve limited integration between Unix
and Active Directory. See the document VAS and Microsoft Windows Services
for UNIX compared.
(that's a link to
http://www.vintela.com/products/vas/docs/VAS_SFU.pdf)
I think (and Mark may correct this later 
) that Mark was pointing to Vintela
because you're wanting to integrate with AD. SFU's sol'n is to manage the
Unix/Linux
boxes with NIS for passwords. But that limits it's involvment with AD. The
Vintela
product, called "VAS", uses LDAP and Kerberos to do the management. AD uses
Kerberos.
Reading the above mention PDF may help you. You should learn some more about
NIS at
even a broad/conceptual level so you can understand the comparisons. If
you're working
with Unix machines to integrate them under AD you're going to have know what
they do,
how and why.
Here's a link:
http://www.free-definition.com/Network-Information-Service.html
for you to read about NIS. It'll get you the basic definitions.
You should get some NIS reading material too. I can recommend
"Managing NFS and NIS", 2nd Edition, O'Reilly Books, by Hal Stern.
In case of broken links
please try to use Google search. If you find the page please notify
us about new location
Softpanorama NIS links
How
to configure Network Information Services (NIS) objects in the Active Directory
directory service so that a delegated user can modify them
[PDF]
WHITE PAPER
Windows Services for UNIX 3.5 Features
Services for UNIX 3.5's Flair for Interoperability
Microsoft
Windows Services for UNIX (SFU) 3.5 (now free)
[PPT]
Services For Unix 3.5
[PPT]
Windows & Unix Interoperability: Working with Unix Protocols ...
[PPT]
Windows/UNIX Convergence
[PDF]
Migrating UNIX and Other Applications to Windows Server 2003
[PDF] Unix
Authentication and Identity Management
Copyright © 1996-2008 by Dr. Nikolai Bezroukov.
www.softpanorama.org was
created as a service to the UN Sustainable Development Networking Programme (SDNP)
in the author free time.
Submit
comments This document is an industrial compilation designed and created
exclusively for educational use and is placed under the copyright of the
Open Content License(OPL).
Original materials copyright belong to respective owners. Quotes are made
for educational purposes only in compliance with the fair use doctrine.
Standard disclaimer: The statements, views and opinions presented on
this web page are those of the author and are not endorsed by, nor do they necessarily
reflect, the opinions of the author present and former employers, SDNP or any other
organization the author may be associated with. We do not warrant the correctness
of the information provided or its fitness for any purpose.
Last modified:
June 05, 2008
