Mixing NT4 & Netware3

Travis Ritter tritter at darkwing.uoregon.edu
Mon Jan 25 16:01:41 EST 1999


Just a couple of additions to this excellent answer:

1)  Your NT clients will look for a file called "NTCONFIG.POL" when 
downloading their policies - "CONFIG.POL" is for Win95 clients.

2) If you will be installing the NT server on a 486, I would NOT use the 
NetWare Gateway.  Every request for a Novell resource goes through 
the NT server, so this solution works best when you only need 
occasional access to Novell services and you have a sufficiently 
powerful NT server (I would say at least a pentium, 350MHz, 128MB 
RAM...at least).

3) My understanding of the NetWare Gateway authentication system is that 
you create a single user and group on the Novell server for the gateway.  The 
NT server accesses everything on the Novell server with the rights of this
one 
user/group.  NetWare volumes that are set up to be accessed through the 
gateway show up as shares on the NT server; you then create accounts on the 
NT server and limit NT users' and groups' rights to these shares.  So, the 
upshot is that you have to recreate most of your users/groups and redo most 
of your permissions (there might be some utilities to help automate this - I 
don't know).

When I had to do this migration about a year ago, I had the luxury of having 
a powerful enough NT server to take over the file and print functions of the 
Novell server.  I simply copied over the filesystems and then recreated (by 
hand) the users, groups, and permissions.  For us, it was a valuable 
opportunity to redo our permissions scheme.  When the system was 
up and running (and tested), we just switched everybody over.  Obviously 
this won't work in every situation, but I'm never heard of a NetWare -> NT 
migration tool that really worked.

I'm now administering a different network in which we use NetWare and NT 
together (your second option).  It works quite well for us, but due to the 
overhead imposed by maintaining two networks, I wouldn't recommend 
it as a permanent solution.

Travis

At 09:53 AM 1/25/99 -0800, you wrote:
>I have Win 95 workstations logging into an NT Server first which then
passes the
>same logon to the Novell 4.x server.  If the logon is different for that
user on
>the Novell Server then the user will be presented a Netware Logon box as
well.
>I haven't tried the Netware Gateway approach.  The Network settings on the
>public machines specify Microsoft as the primary client and I am using
Policies
>and Profiles.  Staff machines in offices are set to Novell as the primary
client
>so that they won't use NT policies but do logon to the NT second instead of

>first.  So, I have to create a separate policy for each logon that is
going to
>use the public station because the default policy is no access to anything
local
>or network.  I use the same auto logon, using tweakui, on all public
patron PCs
>and I have a generic staff logon.  I only setup specific staff policies when
>necessary.  If you don't setup an auto logon the Primary Client, from the
Win95
>Network settings,  logon will come up first be it NT or Novell and pass that
>same logon and password to the second.  I chose separate logons so there
would
>be no Novell interference (broadcasts, etc,) from the NT  Server and the
Novell
>Server is administered outside of the Library.  I've been using this
combination
>for well over a year with pleasing results and have not had the need to use
>third party security software although that may be speaking more for our
patrons
>than how secure the policies and profiles make the workstations.  I am also
>running database search engines off of the Novell server which has a
different
>set of rights for the patron logon.  If you use policies, remember that
the NT
>policy editor is not compatible with the Win95 config.pol file, you need
to use
>the Win95 policy editor.
>
>To directly address two of your concerns:
>  Yes, the client will HAVE to logon to the NT Server first if you want to
use
>Policies.  The policy file config.pol has to reside in
>\winnt\system32\Repl\Import\Scripts directory.  That is where NT checks for
>policies when a user logs on.  I don't think your allowed to change that path
>even in the user logon script option in the NT user database.
>
>   Which is best?  It is my understanding that if you use the Netware Gateway
>the NT machine authenticates users off of the Novell's user database.  I
don't
>know what other advantages or disadvantages there might be besides not
having to
>duplicate all or some logons.
>
>Thomas
>
>
>"Paul H. Gray" wrote:
>
>> Ok here's the deal-
>>
>> Because of politics I am having to switch to NT on my clients and
>> ultimately on my server.
>>
>> Until I can get a new box I have to continue using my netware 3 server as
>> the primary location for my shared files, search engines - and other shared
>> applications as well as print services.
>>
>> BUT - I am looking at setting up a small (486) NT Server box STRICTLY to
>> handle user policies - so that I can lock down the stations when patrons
>> log in and open them when staff log in.
>>
>> If I understand correctly - that means patrons will HAVE to log in the the
>> NTServer .

>>
>> Question -
>> Is it best then to have them log in JUST to the NT server and run the
>> Netware Gateway on it to get them to the Netware server?
>>
>> Or is it best to have them log on to BOTH servers - if so how can I set it
>> up so they are prompted to do that?
>>
>> Or is there a 3rd (4th 5th - whatever) alternative??
>>
>> ANY help appreciated --
>> I have taught myselr Netware - with NT im clueless --
>> Paul H. Gray, Learning Resources Manager        Phone:  (817)515-6623
>> TCJC Northeast LRC                              Fax:    (817)515-6275
>> 828 Harwood Road                                E-Mail:
phgray at tcjc.cc.tx.us
>> Hurst, Texas 76054
> 
-------------------------------------------------------
Travis Ritter                 
Network Manager                          
University of Oregon Library          
  
Email:  tritter at darkwing.uoregon.edu
Phone: (541) 346-2140
Fax:     (541) 346-3485


More information about the Web4lib mailing list