Linking Unix and Windows 2000, the Microsoft way
Brien M Posey
Published: 24 Dec 2002 23:21 GMT
Although Gateway for NFS is a new feature, it's very reminiscent of Gateway Services for NetWare (GSNW). What's nice about this gateway is that it seems Microsoft has learned from its experience in GSNW and has really beefed up security.
If you've ever used GSNW, you know that its biggest weakness is its total reliance on share-level security. If two shares happen to overlap and a user has different permissions on the two shares, the user could pass through the less restrictive share to gain an unauthorised level of access to the more restrictive share.
Microsoft addressed this problem in the Gateway for NFS component with the creation of client groups. You can create groups similar to Windows 2000 security groups and assign them to Unix share points. While the entire operation still relies on share-level security, there's a handy check box you can use to block access to the share's root level, thus preventing the security problems associated with GSNW.
NIS Server
Another major component of Windows Services for Unix is the NIS Server. The NIS Server allows a Windows 2000 domain controller to administer a Unix network. The Windows domain controller uses Active Directory, while the Unix network uses the Network Information Service (NIS). The NIS Server component provides the translation between these two environments.
If you've used NIS in previous versions of the Windows Services for Unix, then you'll be happy to know that Microsoft has made a few enhancements to the NIS Server in version 3.0. The NIS services now support MD5 encryption. Microsoft has also made scalability and performance improvements and enhanced the logging functionality. In fact, NIS now supports 64,000 users.
The NIS services have also been integrated with another component, the pluggable authentication module, that's new to Windows Services for Unix 3.0. The pluggable authentication module allows users to maintain a single user name and password across the two operating systems. The module then synchronises the password, thus ensuring that your corporate password policy is maintained across both operating systems. The best part of the pluggable authentication module is that you can change passwords in Windows or Unix, and those changes automatically replicate to the other operating system.
Telnet server and Telnet client application
No Unix interface would be complete without Telnet support. Windows Services for Unix includes both a Telnet server and a Telnet client. The server-side component allows Windows 2000 servers to host Telnet sessions, while the client-side component allows Windows users to access Unix servers via a Telnet session.
Microsoft has also improved the scalability of the server-side Telnet component and has added IPv6 support. Another change in the Telnet component involves the way that zone checking is accomplished. Now zone checking occurs prior to the issuing of NTLM credentials so that users can't use the NTLM credentials outside of the authorised zone.
User Name Mapping Server
Another feature that's new to version 3.0 is the User Name Mapping Server. The User Name Mapping Server supports pooling of redundant name mapping servers. This brings increased performance, scalability, and fault tolerance.
Microsoft has made some other functional modifications to the User Name Mapping Server as well. In previous versions, the maximum number of groups a user could belong to was hard-coded to match the maximum number of groups supported by the system. The number of groups that a user can belong to is now dynamic. Another improvement is that user names are now truly Unix compliant in that they can contain non-ASCII characters.
Previous
Did you find this article useful?
71 out of 176 people found this useful
- Share this article:
