what about Active Directory Services?

Mike dugan at libwais.sonoma.edu
Sat Oct 10 06:20:00 GMT 1998


On Sat, 10 Oct 1998, Jens B. Jorgensen wrote:
[chop]
> Right, that's so AFAIK. I just got excited after reading the ADS whitepaper
> for a number of reasons. First, domains will be internet-style (bdsinc.com)
> and people will login to the domain with a friendly name which would be
> 'name at domain'.

This is one of the reasons why MS suggested people replace NT_DOMAIN with
NT-DOMAIN since this would be better for DNS compliance with ns lookups.
(The "-" is one of the few non-alpha-numeric symbols allowed in DNS names
that comply with RFCs (like rfc1034, 1035) centered around DNS.) The next
issue will of course be places exceeding the maximum record length
when naming their new nt-domain/ADS system. There are still books on NT
that suggest using the "_" instead of the "-" in naming domains.

>          Next, the paper suggests, the way I read it, that we'll be able
> to modify the directories and add custom data fields. Perhaps then we could
> add the unix password (and the rest, home dir, etc) to the records and thus
> finally be able to unify network logons. I find this even more exciting than
> mapping NT UIDs and GIDs to unix, yada yada. Since supposedly Kerberos
> security will be used, interoperability with unix should be easy (granted:
> nothing like this is ever as easy as it looks). This would be great because I
> don't like NIS (or NIS+) anyway. I think LDAP is a much better solution. Is it
> possible we can have a one, true login?

As a guess... just a guess.... they will probably charge you for each
active session that accesses a portion on the tree made available through
the NT branch with username/host embedding. How will they charge you?
(Client license restrictions per seat/per server etc..) There *must* be a
cost involved in it.

If you are saying that this will allow custom data files that contain
usernames and passwords for a share on another system to allow for a sort
of auto-mount-daemon that is demand mounted as needed, then I would wonder
if MS thought about security of this before creating it, or as an after
market add-on, or has not even thought of it. Even then, the problems with
dealing with permissions may still exist...

However, I am uninformed on the new ADS on NT 5.0, and I am probably just
making an assumption based on previous historical reference. Do you have a
URL to offer on MS implementation on NT 5.0 of this, a white-paper? (I
will perform my own searches in the meantime...)

Thanks.
-M
--------------------------------------------------------------------------
Systems Department Operating Systems Analyst for the Ruben Salazar Library
              of California State University at Sonoma.
  /UNIX(/BSD/SysV)\N_NW[.]VMS\WNTS\WNTW\W95\W311\WFWG\DOS:MacOS/NeXTSTEP  
--------------------------------------------------------------------------

> Gerald W. Carter wrote:
> > On Sat, 10 Oct 1998, Jens B. Jorgensen wrote:
> > > With all this effort to support NT Domains, what about when things
> > > switch to the new Active Directory Services in NT5?
> > NT 5 machines will still be able to login into NT4 Domains.  There is also
> > work to add an LDAP backend for user management to Samba.   BTW...To get
> > the full NT5 environment, my understanding is that you'll have to be **all** NT5
> > client and servers.
[chop]


