Domain Services for Windows on OES11SP1

Post on 18-Jul-2015

Deploying Domain Services for Windows

Bas Penris, Etty Hillesum Lyceum

b.penris@ettyhillesumlyceum.nl

Introduction to DSfW

• DSfW is a set of technologies that allows OES to present itself as AD

• Set up a non-name-mapped installation first to get familiar with the technology

• Use IDM to provision users and groups

• AD trusts

• No MS-licensing

• Complicated piece of technology, a lot can go wrong

• That’s why Non-Name Mapped is a good idea

Benefits

• AD applications integrate very easily

• eDir still outperforms AD by a couple of factors

• eDir style management, got to hate MMC

• Most of it is technology known to you

Downside

• Troubleshooting can be hard

• MS points at Novell/NetIQ and vice versa

• xadcntl restart usually fixes things

• Non Name Mapped doesn’t break as much

Key components

• eDirectory!

• Kerberos Key Distribution Center

• NMAS extensions to update AD credentials when the Universal Password (UP) is changed

• AD Provisioning Handler/DS Agent: AD security & information model, makes sure users and groups have SIDs

• Domain Services Daemon: Windows RPCs, LSA, SAM & NetLogon

• NAD Virtualization Layer: virtualises the AD information model for LDAP

• CIFS/DDNS/NTP

Preparing

• Choose a domain name

• .local is not supported but it does work, see support.novell.com for info on how to configure DNS

• dsfw.yourdomain.tld or ad.yourdomain.tld or blah.yourdomain.tld

• Create glue records in your current DNS infrastructure

• Do it multiple times to get the hang of the technology

• Update

• Static IP

• /etc/resolv.conf points to 127.0.0.1
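
A pre-install check for the items in the Preparing list, as an added example that is not part of the original slides or of Novell's tooling. The function name `dsfw_preflight` and its arguments are hypothetical, and the static-IP check assumes a SLES-style `ifcfg` file with a `BOOTPROTO` setting.

```shell
#!/bin/sh
# Added example: checks the "Preparing" items before the DSfW pattern is installed.
# Usage: dsfw_preflight DOMAIN [RESOLV_CONF] [IFCFG_FILE]
# Prints one line per finding and returns the number of FAIL findings.
dsfw_preflight() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    resolv=${2:-/etc/resolv.conf}
    ifcfg=${3:-}          # assumption: SLES-style ifcfg file; check skipped if empty
    fails=0

    # Domain name: must be a DNS name; .local works but is not supported.
    case $domain in
        *.local) echo "WARN: $domain uses .local (not supported, needs extra DNS configuration)" ;;
        *.*)     echo "OK: domain name $domain" ;;
        *)       echo "FAIL: '$domain' is not a DNS domain name"
                 fails=$((fails + 1)) ;;
    esac

    # The first nameserver entry is the one the resolver asks first,
    # so it has to be the local DNS service on 127.0.0.1.
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$resolv" 2>/dev/null)
    if [ "$first_ns" = "127.0.0.1" ]; then
        echo "OK: $resolv points to 127.0.0.1"
    else
        echo "FAIL: first nameserver in $resolv is '${first_ns:-none}', expected 127.0.0.1"
        fails=$((fails + 1))
    fi

    # Static IP: the last BOOTPROTO assignment in the interface file wins.
    if [ -n "$ifcfg" ]; then
        proto=$(grep '^BOOTPROTO=' "$ifcfg" 2>/dev/null | tail -n 1 | cut -d= -f2 | tr -d "\"'")
        if [ "$proto" = "static" ]; then
            echo "OK: $ifcfg uses a static address"
        else
            echo "FAIL: $ifcfg has BOOTPROTO='${proto:-unset}', expected static"
            fails=$((fails + 1))
        fi
    fi
    return "$fails"
}
```
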

Make it easy!

• Use a VM, either in ESXi, Workstation, VirtualBox or Hyper-V

• OES11SP2

• Use pvscsi and vmxnet3 for performance

Installation

• Just select the DSfW pattern

• I always install iManager as well

• Let’s walk through the installation

Not done yet!

DSfW Server Authentication

Crontab

Windows XP

Add to domain

Authenticate

Success!

Log in

Logged in!

What’s next?

• Connect AD-enabled applications

• Fill your AD with users

• Use MMC or iManager to manage users

• Wait for OES-Next to get your NSS filesystems in there ;)

Support

• www.dsfwdude.com

• Helpful Install TIDs: https://www.novell.com/support/kb/doc.php?id=7000068

• General TIDs: https://www.novell.com/support/kb/doc.php?id=7002366

• Verify install: https://www.novell.com/support/kb/doc.php?id=7001884

• Basic Troubleshooting: https://www.novell.com/support/kb/doc.php?id=3576510

Thank you!
