8.3 Configuring PDCs on NetWare Servers

Configuring a PDC on a NetWare CIFS server consists of the tasks described in the following sections:

8.3.1 Creating a PDC on a NetWare CIFS Server

To make a NetWare 6.5 SP 2 server a PDC, you must create a PDC on the server. The server where you create the domain cannot already be a domain controller or a domain member in any other domain.

To create a PDC on a NetWare CIFS server:

  1. At the server console of the NetWare CIFS server where you want to create the PDC, specify the following console command:

    CIFS DOMAIN CREATE

    After specifying the command, you will be prompted separately for the domain name, context, username, and password.

  2. Specify the domain name of the new PDC you are creating.

    The size and allowed characters of this name are the same as a legal CIFS workgroup name.

  3. Specify the context where the PDC object will be created in the eDirectory tree.

    This is the eDirectory distinguished name of the context location in the eDirectory tree where the new domain is to be created. The following examples provide context format samples that can be used when specifying the context.

    sales.boston.acme

    .ou=sales.ou=boston.o=acme.t=acmetree.
  4. Specify the username of a user with sufficient rights to create objects in the context you specified in Step 3.

    You must specify the eDirectory context of the user you specify.

  5. Specify the password for the user you specified in Step 4.

As an alternative to specifying the required information when prompted, you could specify the command and necessary parameters all at the same time. In this case, specify the following command at the server console:

CIFS DOMAIN CREATE domainName context comment username password

Replace the command parameter variables with the domain name, context, comment, username, and password. The parameters are described in Step 1 through Step 5 above. If you want to specify a comment when creating the PDC, you must specify the command and parameters at the same time.

When you create a PDC on a NetWare CIFS server, that PDC also functions as a Domain Master Browser.

eDirectory Domain Objects

When you create a PDC on a CIFS NetWare server, a domain object is automatically created in the eDirectory context you specify during the creation process. The domain object is a container object and contains five Group objects that are also automatically created. The names and purposes of the domain Group objects are as follows:

IMPORTANT: Do not add additional non-domain objects to the domain container.

Domain Admins—This group is added to the local Administrators group of each Windows workstation that joins the domain. Those users that are domain administrators must be members of the Domain Admins group. The eDirectory user that creates the domain is automatically included as a member of the Domain Admins group. Other users can be added to this group by the domain administrator. Any user in this group will have local administrator rights on any workstation or server that joins the domain.

Domain Controllers—Every domain controller configured to participate in the domain will be added as a member of the Domain Controllers group. An Access Control List (ACL) will be automatically created giving this group the rights to manage the domain object. This allows all domain controllers in the domain to access the domain object. An ACL will also be automatically added giving this group rights to manage the RID and CIFS login script attributes of any user, group, profile, or container object in the subtree at the same level as the domain object or below it.

Domain Groups—This group is strictly for internal use by the domain code. Any eDirectory groups that have been used in the domain are automatically added as members of the Domain Groups group.

Domain Guests—This group can be added to the local workstation Guests group if desired. It is not automatically assigned members and is not added to any local groups like the Domain Admins and Domain Users groups.

Domain Users—This group is added to the local Users group of each Windows workstation that joins the domain. All users that log in to the domain are automatically added to this group. Every user in this group will have the same rights as the local Users group on any workstation or server that joins the domain.

When clients and non-Novell servers join the domain, a special Machine Account object is automatically created for them. These machine accounts are required in the Microsoft domain model, but are not necessary for Novell CIFS servers that participate in the domain. These Machine Account objects are contained by the domain object. They are eDirectory User objects where the name of the user is the NetBIOS name of the computer with a dollar sign ($) at the end of the name.

8.3.2 Adding Servers to the Domain

After creating a PDC on a NetWare CIFS server, you can add additional NetWare CIFS servers to the domain as either Backup Domain Controllers (BDC) or domain members.

To add a NetWare CIFS server to a domain as either a BDC or a domain member:

  1. At the server console of the NetWare CIFS server that you want to add to the domain, specify the following console command:

    CIFS DOMAIN JOIN

    After specifying the command, you will be prompted separately for the domain name and the mode (BDC or domain member).

  2. Specify the eDirectory distinguished name of the domain you want to join the server to.

  3. Specify whether you want the server to be a BDC or a domain member by specifying either controller or member at the prompt.

  4. Specify the username of a user with sufficient rights to create objects in the context you specified in Step 3.

    You must specify the eDirectory context of the user you specify.

  5. Specify the password for the user you specified in Step 4.

As an alternative to specifying the required information when prompted, you could specify the command and necessary parameters all at the same time. In this case, specify the following command at the server console:

CIFS DOMAIN JOIN domainName mode username password

Replace the command parameter variables with the domain name and mode that are described in Step 1 through Step 3 above. You can optionally specify a username and password by specifying the command and parameters at the same time.

The username must include the context and name of a user with sufficient rights to create objects in the specified context. If you do not specify a username, the rights for the Server object are used to attempt the join.

You can also add Windows and Samba servers to the domain as domain members. The procedure for adding Windows and Samba servers to the domain is the same as adding them to a domain hosted on a Windows server.

You cannot add BDCs hosted on Windows servers to domains hosted on NetWare servers.

IMPORTANT: If the CIFS server where the PDC is located is on a different subnet than the servers, workstations, or filers that will access it, you must configure a WINS address. The WINS address is the address of the WINS server used to locate the PDC. For information on configuring WINS addresses, see Changing CIFS Configuration.

8.3.3 Adding a Network Attached Storage Filer to the Domain

The procedure for adding network attached storage filers to the domain is the same as adding them to a domain hosted on a Windows server. Consult your network attached storage filer documentation for more information.

8.3.4 Adding an Access Control List for the Domain

If you have User objects in your eDirectory tree that are above the context where the PDC object was created or are in a different branch of the tree than the PDC object, you must add an Access Control List (ACL) for the domain. The ACL grants the domain's Domain Controllers group the rights to manage User object RIDs and login scripts at the specified context and below it in the eDirectory tree.

To add an ACL for the domain:

  1. At the server console of the NetWare CIFS server where the PDC is located, specify the following console command:

    CIFS DOMAIN ADDACL

    After specifying the command, you will be prompted separately for the ACL context.

  2. Specify the context for the ACL.

    This is the eDirectory distinguished name of the context location in the eDirectory tree where the ACL for the domain is to be placed.

As an alternative to specifying the required information when prompted, you could specify the command and necessary parameters all at the same time. In this case, specify the following command at the server console:

CIFS DOMAIN ADDACL context domainName username password

Replace the context parameter with the context that is described in Step 2 above. You can optionally specify the domain name, username, and password by specifying the command and parameters at the same time.

The domain name is the eDirectory distinguished name of the PDC. The domain name is required if you specify a username and password. If you do not specify a domain name, the server's current domain is used.

The username must include the context and name of a user with sufficient rights to create objects in the specified context. If you do not specify a username, the rights for the Server object are used to attempt to create the ACL.
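The rule in 8.3.4 (the automatic ACL reaches only the PDC object's context and the subtree below it) can be checked before users are unable to log in. The following script is an added example, not part of the NetWare CIFS product or its documentation; it accepts both context formats shown in 8.3.1, reports which user contexts lie outside the covered subtree, reduces them to the highest contexts that still cover every user, and prints the matching CIFS DOMAIN ADDACL console commands. The sample contexts at the bottom are constructed.

```python
from typing import List

def parse_context(ctx: str) -> List[str]:
    # Accept a typeless ("sales.boston.acme") or typeful
    # (".ou=sales.ou=boston.o=acme.t=acmetree.") context and return the
    # container names leaf-first, case-folded, with the tree name dropped.
    names: List[str] = []
    for part in ctx.strip().split("."):
        if not part:
            continue  # leading/trailing dots of a fully distinguished name
        if "=" in part:
            typ, val = part.split("=", 1)
            if typ.strip().lower() == "t":
                continue  # t=treename is not a container
            names.append(val.strip().lower())
        else:
            names.append(part.strip().lower())
    return names

def is_at_or_below(user_ctx: str, domain_ctx: str) -> bool:
    # The Domain Controllers group's automatic ACL covers the domain
    # object's context and everything under it (a suffix match on the path).
    user = parse_context(user_ctx)
    domain = parse_context(domain_ctx)
    return len(user) >= len(domain) and user[len(user) - len(domain):] == domain

def acl_contexts_needed(domain_ctx: str, user_ctxs: List[str]) -> List[str]:
    # Contexts holding users that the automatic ACL does not reach, reduced so
    # that a context already under another chosen context is not repeated.
    outside = [c for c in user_ctxs if not is_at_or_below(c, domain_ctx)]
    chosen: List[str] = []
    for ctx in sorted(outside, key=lambda c: len(parse_context(c))):
        if not any(is_at_or_below(ctx, done) for done in chosen):
            chosen.append(ctx)
    return chosen

def addacl_commands(domain_ctx: str, user_ctxs: List[str]) -> List[str]:
    # One CIFS DOMAIN ADDACL console command per context that needs it.
    return ["CIFS DOMAIN ADDACL " + c
            for c in acl_contexts_needed(domain_ctx, user_ctxs)]

if __name__ == "__main__":
    # Constructed sample: PDC created in sales.boston.acme, users elsewhere.
    pdc = ".ou=sales.ou=boston.o=acme.t=acmetree."
    users = ["sales.boston.acme", "boston.acme", "ou=hr.ou=denver.o=acme"]
    for cmd in addacl_commands(pdc, users):
        print(cmd)
```

The commands printed are the interactive-free form of the procedure above; the username, password and domain name parameters can be appended as described in 8.3.4.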