Service Hints & Tips

Document ID: ROSN-42ZPBZ

Network Station - Using NT Domain Login with the Network Station

Applicable to: World-Wide

The IBM Network Station, when booting from a Network Station Manager Windows NT server, can use the NT Domain account data for user authentication. NT Domains are a Microsoft invention and have nothing to do with TCP/IP domains or DNS. Briefly, an NT domain is defined by a single Primary Domain Controller, commonly referred to as the PDC. The PDC maintains a central database of all the user accounts and computer accounts for the users and computers in its domain. Within the NT domain there can be only one PDC. All domain logons must be authenticated against this central database. There can be Backup Domain Controllers, or BDCs, that maintain a copy of the PDC's central database and perform logon authentication just as the PDC does for domain logons. If a system is a member of a domain and is not a PDC or BDC, it is a member server/workstation. Member servers do not have a copy of the domain user accounts database and must go across the network to a BDC or PDC to do domain logons. Member servers do maintain a local accounts database that has user accounts that can be used only locally on that server. Domain accounts can be used on any system within the domain.

In short, this NT domain concept can become very confusing very quickly. For a more complete picture of how this all works, go to your local book store and look at the information available there. The rest of this document assumes that you have a general understanding of NT domains and how they work with Global and Local groups.

To authenticate Network Station users by their Windows NT domain accounts, a global group must be established for those users. That global group is then added to a local group on the Network Station Manager server. The Network Station Manager server can be a Windows NT 4.0 server or a WinCenter server.

If the Network Station Manager server resides on a different domain than the domain where the user accounts reside, a trust relationship must first be established between the domains. The trust should be established so the domain with the Network Station Manager server is the trusting domain and the domain with the user accounts is the trusted domain. This is set up in User Manager for Domains on both domains, under Policies -> Trust Relationships.

If the Network Station Manager server is a member of the domain that contains the user accounts, you do not need to worry about trust relationships. You must create a global group using the domain administrator account in User Manager for Domains on the domain that contains the user accounts. Add all the users who will be logging into Network Stations to this newly created global group.

On the Network Station Manager server, add the newly created global group to the NSMUser local group. This is done in User Manager for Domains on the Network Station Manager server by selecting the NSMUser group, clicking on the Add... button and adding the newly created global group. Domain users who are members of the newly created global group should now be able to log on at the Network Stations that are booting from the Network Station Manager server.
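
The group steps above can also be performed and reviewed from the Windows NT command prompt with the standard net group and net localgroup commands. The script below is an added example, not part of the original IBM tip; the domain name ACCOUNTS, the global group name NSUsers and the user names jdoe and asmith are constructed placeholders. It does not set up the trust relationship, which is still done in User Manager for Domains.

```batch
@echo off
rem Added example: command-line form of the User Manager for Domains steps.
rem ACCOUNTS, NSUsers, jdoe and asmith are constructed placeholder names.
setlocal
set ACCT_DOMAIN=ACCOUNTS
set GLOBAL_GROUP=NSUsers

if /i "%1"=="accounts" goto accounts
if /i "%1"=="nsm" goto nsm
echo Usage: %0 accounts ^| nsm
goto end

:accounts
rem Run as a domain administrator on a system in the domain that holds
rem the user accounts. /domain sends the change to that domain's PDC.
rem The first command reports an error if the group already exists.
net group %GLOBAL_GROUP% /add /domain
if errorlevel 1 goto failed
net group %GLOBAL_GROUP% jdoe asmith /add /domain
if errorlevel 1 goto failed
rem List the members: every account shown here will be able to log on
rem at a Network Station once the group is added to NSMUser.
net group %GLOBAL_GROUP% /domain
goto end

:nsm
rem Run as an administrator on the Network Station Manager server.
rem If the accounts are in another domain, the trust must already exist
rem or the DOMAIN\group name will not resolve.
net localgroup NSMUser %ACCT_DOMAIN%\%GLOBAL_GROUP% /add
if errorlevel 1 goto failed
rem Review who is in NSMUser; remove entries that should not be there
rem with: net localgroup NSMUser name /delete
net localgroup NSMUser
goto end

:failed
echo A net command failed; see the message above.

:end
endlocal
```

Run it with the argument accounts in the domain that holds the user accounts, then with nsm on the Network Station Manager server.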

Search Keywords

NC, NSM, BDC, Network Station

Hint Category

System Administration Tools

Date Created

10-12-98

Last Updated

22-03-99

Revision Date

20-09-99

Brand

IBM Network Station

Product Family

NT Server - Network Station

Machine Type

Various

Model

TypeModel
