SUMMARY: NIS and NT User Authentication

From: Marty W. Bullock (mbullock@mindspring.com)
Date: Tue Jan 07 1997 - 15:41:18 CST


Thanks to the following for their replies:

Ian MacPhedran <Ian_MacPhedran@mackenzie.usask.ca>
Cheng, Bruce <Bruce.Cheng@aspect.com>
Keith G. Weinberg <kwein@fir.ml.com>
Niklas Paulsson <niklas@student.adb.gu.se>
Bertrand Hutin <hb@o2tech.fr>
Marcos Padilla <mpadilla@cientec.cl>
fletch@ttmc.com (Fletcher B. Cocquyt)
John D Groenveld <groenvel@cse.psu.edu>
Trevor Paquette <tpaquett@aec.ca>

-------------------------------------------------------------------------------
<Original Question>
> First of all, let me briefly describe the situation:
>
> We're in the progress of relocating our entire LAN to a new building while
> adding about 50% more users to the network from other locations. At the same
> time, the powers that be have determined that we should migrate our PC side
> of the LAN to a Windows 95 environment with NT servers. Currently, we use
> PC-NFS Pro for authentication and user access to the Unix Servers. My Unix
> servers are currently running Solaris 2.5.1 with a Level 5 RAID storage
> system. The NT servers will be Compaq NT Servers (NT 4.0) with their own
> RAID system. My NIS server is using NIS.
>
> Now the question(s):
>
> Has anyone used NIS and NT together with both providing user authentication?
>
> Is NT even compatible with NIS?
>
> Just for clarity...If a specific user logs into the NT domain and then
> attempts to map a Unix network drive, will NT relay the user information to
> the NIS server? Is there ANY compatibility between the two?

-------------------------------------------------------------------------------
<The Answer>

Well, of the responses so far, it looks like I've got a few programs to
check out. Thanks to all those that responded (list follows). Here's the
results:

The overall consesus was that NIS and NT are NOT compatible without some
sort of third party intervention. Several different programs were suggested
to provide this interface. One thing that I forgot to mention was that only
my server is going to be running NT 4.0 (the rest of the herd is on 95).
After the coffee wore off last night, I determined that I should be able
continue to use PC-NFS Pro for the NIS authentication as long as I keep the
user databases identical. It will require that the users have two separate
logins when they start their system, but it's a small price to pay for
standardization. After the dust dies down I *do* plan on checking out some
of the programs listed below, primarily WinDD from Tektronix. It sounds
like a very robust interface between NT and NIS. Thanks again for all of
the replies! TTFN!

Here's some of the responses:

Ian MacPhedran
>Get samba via
> http://lake.canberra.edu.au/pub/samba/samba.html
>
>This will allow you to use NT domain authorisation to be used for
>verifying users for UNIX directory mounts from PCs.

Cheng, Bruce
>NIS and NT authentication are not compatible.
>
>Something that resembles of what you are referring to are from
>insignia's NTrigue product which allows
>NIS authentication. However, I am not sure if that 'feature' can be sell
>as a standalone product.

Keith G. Weinberg
>We use WinDD NIS for user authentication. Tektronix sells
>it out of their Networking division (http://www.tek.com/).
>As far as I know, there is no innate NT/NIS compatibility without
>third-party intervention. WinDD NIS works well for our user
>authentication purposes (it even does a background yppasswd when
>changing the NT password!). I believe that making the box a PDC
>will mean that workstations in the same domain will use the
>NIS features vicariously. . . you might not want to quote me on
>that however.
>
>Also, they have an NFS version that automagically maps users
>auto.home home directories. This means that the Unix home-directory
>is mounted on NT login (nice).
>
>WinDD itself allows your users to bring up an NT window on their Unix
>box, use the local floppy drive, and do a few other tricks. You
>might want to give it a shot if you are doing such a big integration.
>Don't get me wrong. . . it's its own bag of snakes, but it has solved
>quite a few of our migration headaches.

Bertrand Hutin
>> Is NT even compatible with NIS?
>NO
>> Just for clarity...If a specific user logs into the NT domain and then
>> attempts to map a Unix network drive, will NT relay the user information to
>> the NIS server?
>YES, the logname.

Fletcher B. Cocquyt
>We have NT NFS clients mounting UNIX server disks here using PCNFS
>running on the UNIX side. If the NT password matches the UNIX password for
>the same username, then the user does not need to supply a password when
>mapping the UNIX server disk...the NT client is compatible with the PCNFS
>daemon running on the UNIX side in that respect.

/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/ Marty W. Bullock \/
/\ Unix Systems Administrator /\
\/ Siemens Energy & Automation, Inc. \/
/\ 3496 Montreal Industrial Way /\
\/ Tucker, Georgia 30084 \/
/\ e-mail: mbullock@mindspring.com /\
\/ Phone: (770) 496-8623 Fax: (770) 496-8627 \/
/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:42 CDT