Synchronize Novell and Windows Server passwords 1

[edmac]

My primary server is a Novell 6.x server where all of my users log-in, but some of then need to access an application running on a Windows 2003 server to which they connect through the "NET USE" command in their login script. The problem is that I want that everytime the users change their password on Novell, the password on the Windows server will chnage as well. Is there a way to do this?

Thanks.

Ed.

 

[terry712]

idm

or you could do the nasty generic pwd on the m$ box but secure it by passing it from a nal app that maps in the back so no-one see pwd

it is better to invest in proper apps that dont need a mapping.

 

[meBrian]

I have a similar setup in which the File and Print is managed on a Novell box but there are applications which are located on either a 2000 or 2003 server. I don't create individual user accounts on the windows server. I create a generic account and share folders using the generic username/password. This account would be used when mapping the drive in windows <Connect using a Different Name>, then let the application manage user security for itself. This process eliminates the need to manage password changes by users in either Novell or Windows.

 

[marvhuffaker]

Open Enterprise Server (OES), which is NetWare 6.5 on steroids has an IDM bundle edition that will sync accounts between eDirectory and Windows Domains and Active Directory.

IDM = Identity Manager and it is a powerful powerful solution. AD to EDIR sync is one of the most trivial tasks that it does, but it wets your appetite and gets you geeked out about it.

Marvin Huffaker, MCNE

http://www.redjuju.com

 

[edmac]

Thanks a lot meBrian! Your suggestion works very well. Was fast and simple to implement and its working great. Thanks again!

 

[TheLad]

As long as you are fully aware of the security risks involved with having a generic account...

--------------------------------------------------------------------------
"Who is General Failure and what is he doing on my computer?"
--------------------------------------------------------------------------

 

[mmeagle01]

Is there a way to accomplish this without creating a generic account? Our Security Officer says I can't create a generic account.

 

[terry712]

no really but if you create a generic account then distribute the app via a nal - as part of the nal you can get it to map the drive - so that the drive is only there during the use of the application

unfortunately your are not allow to just give the apps the rights it does have to be a object that holds a security principle

this is nt ideal but at least the user doesnt know the pwd and it is not seen and the nal is only given to users with group membership

if you really want to get pedantic with the security officer - this is no different from the principle that gsnw from m$uck uses

idm is what you really want though - it is the future

 

[edmac]

Well, the generic ID/password works well in mapping the drive and giving access to the users to the application, but now some of them are getting the "Restoring Network Connections" message and are being asked to supply the password of this generic ID to reconnect to the drive when the login again. This happens before the login script runs. I have tried to get rid off of this but nothing works. Any ideas?

Thanks.

Ed.

 

[terry712]

make the drive - none perstistent or delete the mapping on exit

ie net use t: \\crappym$pice of***\stuff /user:bob cratchit persistent:no

or on exit net use r: /delete