Tải bản đầy đủ - 0 (trang)
Chapter 8. Integrating Active Directory with Novell, Oracle, Unix, and NT4 Directories

Chapter 8. Integrating Active Directory with Novell, Oracle, Unix, and NT4 Directories

Tải bản đầy đủ - 0trang

Novell,Oracle,andmanyotherenvironments.

Thischapterfocusesonthreemajorproducts:ServicesforUnix

(SFU)3.5,ServicesforNetWare(SFNW)5.03,Microsoft

IdentityIntegrationServer(MIIS)2003,andActiveDirectory

FederationServices.Eachoneoftheseproductsworksin

combinationwithWindowsServer2003technologiestoprovide

forthetransparentexchangeofinformationbetweennonMicrosoftandMicrosoftenvironments.

Thischapterintroduceseachenvironmentanddescribesthe

variousfunctionalityavailableineachproduct.Inaddition,this

chapterfocusesonthespecificintegrationissuesthateach

productbringstoWindowsServer2003andprovidesforahighlevelunderstandingofthewayseachproductcanbeusedto

enhanceacross-platformenvironment.



UnderstandingandUsingServicesforUnix3.5

Microsofthasalonghistoryofnot"playingwell"withother

technologies.WithWindows2003,MicrosoftintroducedServices

forUnix3.5.WiththedawnofWindowsServer2003R2,

ServicesforUnix(SFU)becomescoretotheoperatingsystem,

showingMicrosoft'scommitmenttointeroperability.SFUisnow

availableontheinstallationCDinsteadofasadownloadable

featurepack,anditsintegrationwithServer2003R2is

seamlessforthefirsttime.

Formanyyears,UnixandWindowssystemswereviewedas

separate,incompatibleenvironmentsthatwerephysically,

technically,andideologicallydifferent.Overtheyears,however,

organizationsfoundthatsupportingtwocompletelyseparate

topologieswithintheirenvironmentswasinefficientand

expensive;agreatdealofredundantworkwasalsorequiredto

maintainmultiplesetsofuseraccounts,passwords,

environments,andsoon.

Slowly,themeanstointeroperatebetweentheseenvironments

wasdeveloped.Atfirst,mostoftheinteroperabilitytoolswere

writtentojoinUnixwithWindows,asevidencedbySamba,a

methodallowingLinux/UnixplatformstoaccessWindowsNTfile

shares.Microsoft'stoolsalwaysseemedastepbehindthose

availableelsewhere.WiththereleaseofthenewServicesfor

UnixtoolsinServer2003R2Microsoftleapfrogstraditional

solutions,suchasSamba,andbecomestheleaderforcrossplatformintegration.

Long-awaitedfunctionalitysuchaspasswordsynchronization,

thecapabilitytorunUnixscriptsonWindows,jointsecurity

credentials,andthelikewerepresentedasviableoptionsand

canbenowbeconsideredaspartofamigrationtoor

interoperabilityscenariowithWindowsServer2003.



TheDevelopmentofServicesforUnix

ServicesforUnixhasmadelargestridesinitsdevelopment.

Frominitialskepticism,theproducthasdevelopedintoa

formidableintegrationandmigrationutilitythatallowsfora

greatdealofinter-environmentflexibility.Thefirstversionsof

thesoftware,1.xand2.x,werelimitedinmanyways,however.

Subsequentupdatestothesoftwarevastlyimprovedits

capabilitiesandfurtherintegrateditwiththecoreoperating

system.

AwatersheddevelopmentinthedevelopmentofServicesfor

Unixwastheintroductionofthe3.0versionofthesoftware.

ThisversionenhancedsupportforUnixthroughtheadditionor

enhancementofnearlyallcomponents.Includedwithversion

3.0wastheInterixproductaswell,anextensiontothePOSIX

infrastructureofWindowstosupportUnixscriptingand

applicationsnativelyonaWindowsServer.

Then,version3.5ofSFUWCSreleased,whichincludedseveral

functionalityimprovementsoverSFU3.0.Thefollowing

componentsandimprovementshavebeenmadeinthe3.5

release:

GreatersupportforWindowsServer2003ActiveDirectory

authentication

Improvedutilitiesforinternationallanguagesupport

ThreadedapplicationsupportinInterix

SignificantInterixperformanceincreasesofupto100%

SupportfortheVolumeShadowCopyServiceofWindows

Server2003



Finally,wecometotheServer2003R2integratedversionof

SFU.Besidesbeingslip-streameddirectlyintotheoperating

system,somefunctionalchangeshavebeenmade.Most

importantly,thestructureofSFUhaschangedconsiderably.

HereisthestructureofmajorimprovementsfortheR2SFU

offering:

NISandActiveDirectoryintegrationwithscriptsfor

populatingActiveDirectoryfromaNISdatabase

ExtendedNISinteroperabilityincludingallowingaWindows

Server2003R2systemtoactasaNISmasterinamixed

environment

NFSserverfunctionalityexpandedtoMacOSXandhigher

clients

SubsystemforUnixApplications(SUA)allowsaPOSIXcompliantUnixapplicationtoberunonWindowsServer

2003R2,includingmanycommonUnixtoolsandscripts

EasierportingofnativeUnixandLinuxscriptstotheSUA

environment



TheComponentsofServicesforUnix

ServicesforUnixiscomposedofseveralkeycomponents,each

ofwhichprovidesaspecificintegrationtaskwithdifferentUnix

environments.Anyorallofthesecomponentscanbeusedas

partofServicesforUnixastheinstallationofthesuitecanbe

customized,dependingonanorganization'sneeds.Themajor

componentsofSFUareasfollows:

SubsystemforUnix-basedApplications(SUA)



ClientforNFS

ServerforNFS

TelnetServer

TelnetClient

ServerforNIS

PasswordSynchronization

NISDomains

Eachcomponentcanbeinstalledseparatelyormultiple

componentscanbeinstalledonasingleserverasnecessary.All

componentsareavailablefromtheAdd/RemoveWindow

ComponentsWizardintheControlPanel.Eachcomponentis

describedinmoredetailinthefollowingsections.



PrerequisitesforServicesforUnix

ServicesforUnixR2interoperateswithvariousflavorsofUnix,

butwastestedandspecificallywrittenforusewiththefollowing

Unixiterations:

SunSolaris7.x,8.x,9.x,or10

RedHatLinux8.0andlater

Hewlett-PackardHP-UX11i

IBMAIX5L5.2



AppleMacintoshOSX



Note

SFUisnotlimitedtotheseversionsofSunSolaris,

RedHatLinux,HP-UX,IBMAIX,andMacOSX.It

actuallyperformsquitewellinvariousothersimilar

versionsandimplementationsofUnixandLinux.



ServicesforUnixhassomeotherimportantprerequisitesand

limitationsthatmustbetakenintoaccountbeforeconsideringit

foruseinanenvironment.Thesefactorsincludethefollowing:

ServerforNISmustbeinstalledonanActiveDirectory

domaincontroller.Inaddition,alldomaincontrollersinthe

domainmustberunningServerforNIS.

Passwordsynchronizationrequiresinstallationondomain

controllersineachenvironment.

ServerforNISmustnotbesubservienttoaUnixNIS

ServeritcanonlybesubservienttoanotherWindows-based

SFUserver.Thisrequirementcanbeapoliticallysensitive

oneandshouldbebroachedcarefully,assomeUnix

administratorswillbehesitanttomaketheWindows-based

NIStheprimaryNISserver.

TheServerforNISAuthenticationcomponentmustbe

installedonalldomaincontrollersinthedomaininwhich

securitycredentialswillbeutilized.



InstallingServicesforUnixR2

TheinstallationofServicesforUnixforWindowsServer2003

R2isassimpleasaddinganotherWindowscomponent.From

theControlPanel,gotoAdd/Removeprograms,andthen

Add/RemoveWindowsComponents.Thevariouspartsthat

makeupSFUareallavailableintheirappropriateareas.



Note

YouwillneedyourWindows2003R2installationCD

toaddeachoftheServicesforUnixcomponents.



TheinstallationofServicesforUnixisstraightforwardanduses

thefamiliarMicrosoftAdd/RemoveWindowsComponents

InstallationWizard.Aftertheprerequisiteshavebeensatisfied

andthedesiredfunctionalityhasbeenidentified.

ToinstallSFUR2,performthefollowingsteps:

1. ClicktheStartmenu,andselecttheControlPanel.

2. ChooseAdd/RemovePrograms.

3. ChooseAdd/RemoveWindowsComponentsintheleft

column.

4. SelectSubsystemforUnix-basedApplications,andclick

Next.

5. You'llbepromptedforthelocationoftheCDoranother

locationfortherequestedfiles.



6. ThesetupwillpromptyoutodownloadtheUtilitiesand

SDKforUnix-basedApplications,asshowninFigure8.1.

ClickYestodownloadthepackage.

7. ClickNextthroughthefirstfewscreens,andthenaccept

thelicenseagreement.

8. Enablesetuidbecausethisisanimportantfunctionfor

manyUnixapplications.Alsochoosetosetthedefault

behaviortocasesensitiveifyourUnixenvironmentiscase

sensitive.TheseoptionsareshowninFigure8.2.

9. ClickFinishforbothscreens,andtheinstallationis

complete.Youwillneedtorebootforthecomponentsto

becomeactive.

10. ToinstallthevariousActiveDirectoryrelatedcomponents,

gototheAdd/RemoveWindowscomponentsmenu.

11. SelectActiveDirectoryServices,andthenclickDetails.

SelectIdentityManagementforUnix(IDMU),andclick

DetailsagaintodrilldowntotheIDMUoptions.Selectall

threeoptionsforafullinstallation,asshowninFigure8.3.

12. ClickNexttobegintheinstallation.

13. YouwillbepromptedtolocatetherequestfilesontheCD.

Afterinstallation,clickFinishtofinishtheinstallation.

Finally,rebootforthecomponentstobecomeactive.

14. ToinstalltheNFScomponents,againgotothe

Add/RemoveWindowscomponentsmenu.

15. TheMicrosoftServicesforNFSarelocatedunderOther



NetworkFileandPrintServices.

16. SelectDetailsunderMicrosoftServicesforNFSandchoose

theappropriateoptionsforyourinstallation(seeFigure

8.4).



Figure8.1.DownloadtheUtilitiesandSDKfor

Unix-basedApplications.



[Viewfullsizeimage]



Figure8.2.ReviewingtheUtilitiesandSDKfor

Unix-basedApplicationsoptions.



Figure8.3.ActiveDirectoryServicesdetails.



Figure8.4.MicrosoftServicesforNFSoptions.



Note

TheUtilitiesandSDKforUnix-basedApplicationsis

fairlylarge,approximately180MB.Youmay

downloadthispackageinadvancetospeedupthe

installationprocess.Therearedifferentpackagesfor

x86andAMDarchitectures.



Onceinstalled,thevariousfunctionalitiescanbetestedinalab

environmentordeployedintoproduction.



Tài liệu bạn tìm kiếm đã sẵn sàng tải về

Chapter 8. Integrating Active Directory with Novell, Oracle, Unix, and NT4 Directories

Tải bản đầy đủ ngay(0 tr)

×