Novell Doc: OES 2 SP3: Upgrading to OES—Best Practices Guide

3.5 About Domain Services for Windows

NOTE:The following overview of DSfW is copied from the OES 2 SP3: Planning and Implementation Guide for your convenience.

Novell Domain Services for Windows (DSfW) allows eDirectory users on Windows workstations to access storage on both OES servers and Windows servers by using native Windows and Active Directory authentication and file service protocols.

DSfW enables companies with Active Directory and Novell eDirectory deployments to achieve better coexistence between the two platforms.

Users can work in a pure Windows desktop environment and still take advantage of some OES back-end services and technology, without the need for a Novell Client™ or even a matching local user account on the Windows workstation.
Network administrators can use either Microsoft^* Management Console (MMC) or iManager to administer users and groups within the DSfW domain, including their access rights to Samba-enabled storage on OES servers.

Figure 3-1 DSfW File Access Overview

The following table explains the information illustrated in Figure 3-1.

Access Methods	Authentication	File Storage Services
eDirectory and Active Directory users on Windows workstations can access files through Windows Explorer^* (CIFS) or Internet Explorer (WebDAV Web Folders). No Novell Client can be on the machine. Unlike Windows workgroup or Novell Samba, the user doesn’t need to have a matching username and password on the local workstation. Although not shown, Novell Client users can also access files through a normal NCP™ connection.	For eDirectory users, file service access is controlled by authentication through the eDirectory server, using common Windows authentication protocols, including Kerberos^*, NTLM, and SSL/TLS. For AD users, file service access is controlled by authentication through the AD server.	On OES 2 servers, file storage services are provided by Samba to NSS or traditional Linux file systems. For eDirectory users, access to storage on Windows servers is available through a cross-forest trust. Access rights are granted by the AD administrator following the establishment of the cross-forest trust.

Access Methods

Authentication

File Storage Services

eDirectory and Active Directory users on Windows workstations can access files through Windows Explorer^* (CIFS) or Internet Explorer (WebDAV Web Folders). No Novell Client can be on the machine.

Unlike Windows workgroup or Novell Samba, the user doesn’t need to have a matching username and password on the local workstation.

Although not shown, Novell Client users can also access files through a normal NCP™ connection.

For eDirectory users, file service access is controlled by authentication through the eDirectory server, using common Windows authentication protocols, including Kerberos^*, NTLM, and SSL/TLS.

For AD users, file service access is controlled by authentication through the AD server.

On OES 2 servers, file storage services are provided by Samba to NSS or traditional Linux file systems.

For eDirectory users, access to storage on Windows servers is available through a cross-forest trust. Access rights are granted by the AD administrator following the establishment of the cross-forest trust.

Figure 3-2 DSfW User Management Overview

The following table explains the information illustrated in Figure 3-2.

Management Tools	Users
iManager manages DSfW users exactly like other eDirectory users. MMC manages both AD users and DSfW users as though they were AD users.	DSfW users must have the Default Domain Password policy assigned and a valid Universal Password. DSfW users are automatically enabled for Samba and LUM.

Management Tools

Users

iManager manages DSfW users exactly like other eDirectory users.

MMC manages both AD users and DSfW users as though they were AD users.

DSfW users must have the Default Domain Password policy assigned and a valid Universal Password.

DSfW users are automatically enabled for Samba and LUM.

Figure 3-3 DSfW Storage Management Overview

The following table explains the information illustrated in Figure 3-3.

Management Tools	Storage
Network administrators use native OES and Windows storage management tools to create and manage storage devices on OES and Windows servers, respectively. Windows management tools can also manage share access rights and POSIX^* file system rights on DSfW storage devices after the shares are created. They cannot create the shares or perform other device management tasks.	Storage devices on OES 2 servers can be either NSS or traditional Linux volumes. Samba management standards apply to both volume types.

Management Tools

Storage

Network administrators use native OES and Windows storage management tools to create and manage storage devices on OES and Windows servers, respectively.

Windows management tools can also manage share access rights and POSIX^* file system rights on DSfW storage devices after the shares are created. They cannot create the shares or perform other device management tasks.

Storage devices on OES 2 servers can be either NSS or traditional Linux volumes. Samba management standards apply to both volume types.

For planning information, see the OES 2 SP3: Domain Services for Windows Administration Guide.

For implementation information, see the OES 2 SP3: Domain Services for Windows Administration Guide.