2. Introduction to DSfW
• DSfW is a set of technologies that allows OES to present itself as AD
• Set up Non-Name Mapped to get familiar with the technology
• Use IDM to provision users and groups
• AD trusts
• No MS-licensing
• Complicated piece of technology, a lot can go wrong
• That’s why Non-Name Mapped is a good idea
3. Benefits
• AD applications integrate very easily
• eDir still outperforms AD by a couple of factors
• eDir style management, got to hate MMC
• Most of it is technology known to you
4. Downside
• Troubleshooting can be hard
• MS points at Novell/NetIQ and vice versa
• xadcntl restart usually fixes things
• Non-Name Mapped doesn’t break as much
5. Key components
• eDirectory!
• Kerberos Key Distribution Center
• NMAS extensions to update AD credentials when the Universal Password (UP) is changed
• AD Provisioning Handler/DS Agent: AD security & information model,
makes sure users and groups have SIDs
• Domain Services Daemon: Windows RPCs, LSA, SAM & NetLogon
• NAD Virtualization Layer: virtualises the AD information model for LDAP
• CIFS/DDNS/NTP
6. Preparing
• Choose a domain name
• .local is not supported but it does work, see support.novell.com for
info on how to configure DNS
• dsfw.yourdomain.tld or ad.yourdomain.tld or blah.yourdomain.tld
• Create glue records in your current DNS infrastructure
• Do it multiple times to get the hang of the technology
• Update
• Static IP
• /etc/resolv.conf points to 127.0.0.1
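The checklist on this slide can be verified before running the installer. The script below is an added example, not part of the original slides and not a Novell/NetIQ tool. It assumes SLES-style ifcfg files with a BOOTPROTO line, treats only the slide's subdomain form (dsfw.yourdomain.tld) as acceptable, and uses hypothetical function names and constructed sample files.

```shell
#!/bin/sh
# Added example: preflight for the "Preparing" checklist. Not a Novell/NetIQ tool.

# First "nameserver" entry of a resolv.conf-style file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# BOOTPROTO value of a SLES-style ifcfg file (assumed layout), quotes stripped.
bootproto() {
    grep '^BOOTPROTO=' "$1" | head -n 1 | cut -d= -f2 | tr -d "\"'"
}

# Prints ok, local-unsupported or not-a-subdomain for a candidate domain name.
classify_domain() {
    name=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    name=${name%.}                       # tolerate a trailing root dot
    case "$name" in
        *.local) echo local-unsupported ;;   # works, but not supported
        *.*.*)   echo ok ;;                  # assumption: slide's subdomain form
        *)       echo not-a-subdomain ;;
    esac
}

# preflight DOMAIN RESOLV_CONF IFCFG: one line per check, returns failure count.
preflight() {
    fails=0
    d=$(classify_domain "$1")
    if [ "$d" = ok ]; then echo "PASS domain $1"
    else echo "FAIL domain $1 ($d)"; fails=$((fails + 1)); fi
    ns=$(first_nameserver "$2")
    if [ "$ns" = 127.0.0.1 ]; then echo "PASS resolver is 127.0.0.1"
    else echo "FAIL first nameserver is '${ns:-none}'"; fails=$((fails + 1)); fi
    bp=$(bootproto "$3")
    if [ "$bp" = static ]; then echo "PASS static IP"
    else echo "FAIL BOOTPROTO is '${bp:-unset}'"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample files so the script runs offline.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf 'search yourdomain.tld\nnameserver 192.0.2.53\nnameserver 127.0.0.1\n' > "$tmp/resolv.bad"
printf '# constructed\nnameserver 127.0.0.1\n' > "$tmp/resolv.good"
printf "BOOTPROTO='static'\nIPADDR='192.0.2.10/24'\n" > "$tmp/ifcfg.good"
printf "BOOTPROTO='dhcp'\n" > "$tmp/ifcfg.bad"

preflight dsfw.yourdomain.tld "$tmp/resolv.good" "$tmp/ifcfg.good"
preflight corp.local "$tmp/resolv.bad" "$tmp/ifcfg.bad" || echo "fix the FAIL items before installing"
```

On a real server, call preflight with the chosen domain, /etc/resolv.conf and the ifcfg file of the interface in use.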
7. Make it easy!
• Use a VM, either in ESXi, Workstation, VirtualBox or Hyper-V
• OES11SP2
• Use pvscsi and vmxnet3 for performance
8. Installation
• Just select the DSfW pattern
• I always install iManager as well
• Let’s walk through the installation
48. What’s next?
• Connect AD-enabled applications
• Fill your AD with users
• Use MMC or iManager to manage users
• Wait for OES-Next to get your NSS filesystems in there ;)