Microsoft offers three services that allow Windows 2000 to provide both authentication and resource access capabilities to heterogeneous networks. They are the following:
NOTE
Services for NetWare 5.0 and Services for UNIX 2.0 are add-on products that you have to purchase from Microsoft. You can find more information on them by going to http://www.microsoft.com and searching for "Services for NetWare v5.0" and "Services for UNIX 2.0."
The following sections outline the features that each service provides and describe where to use these services in your network security design to allow secure access between the network systems.
After this lesson, you will be able to
Estimated lesson time: 30 minutes
You can use AppleTalk Network Integration Services to allow Macintosh client computers to securely access resources in a Windows 2000 network. The services that provide this functionality are included with Windows 2000 and are named File Services for Macintosh and Print Services for Macintosh.
NOTE
File Services for Macintosh and Print Services for Macintosh were formerly known as Services for Macintosh. File Services for Macintosh allow Macintosh users to authenticate with the network and access file resources by creating Macintosh-accessible volumes. Print Services for Macintosh allow Macintosh users to access print servers in a Windows 2000 network.
Microsoft Services for NetWare 5.0 is an add-on product that allows integration of Windows 2000 and Novell NetWare networks through the following utilities:
NOTE
MSDSS also allows synchronization between Active Directory and Novell Bindery Services available in NetWare 3.x and older.
Microsoft Services for UNIX version 2.0 is an add-on product that allows the integration of Windows 2000 and UNIX clients in a single network. Services for UNIX 2.0 includes the following components.
When designing secure integration between a Windows 2000 network and a non-Microsoft operating system, consider the points shown in Table 16.1 when using additional services to provide interoperability.
Table 16.1 Planning Services for Heterogeneous Connectivity
Use | In These Circumstances |
---|---|
File Services for Macintosh | To allow Macintosh clients to access file resources stored on a Windows 2000 Server; to securely authenticate Macintosh users accessing the network |
Print Services for Macintosh | To allow Macintosh users to print to Windows 2000 hosted print servers |
Microsoft Directory Synchronization Services | To securely synchronize password information between Active Directory and a NetWare NDS or NetWare Bindery directory |
File and Print Services for NetWare | To allow NetWare clients to authenticate with a Windows 2000 Server and access resources on the Windows 2000 Server using native NetWare utilities |
NIS Services | To allow UNIX clients to authenticate with Active Directory when accessing NFS resources; to import existing UNIX NIS source files into Active Directory |
NFS Services | To allow UNIX clients to access Windows 2000 resources using native NFS clients; to allow Windows 2000 clients to access NFS resources on a UNIX NFS server directly using the NFS client or indirectly using the NFS gateway |
Two-Way Password Synchronization | To synchronize user passwords between the UNIX and Windows 2000 environments |
User Name Mapping | To allow Windows 2000 users to connect to UNIX NFS resources using their Windows 2000 credentials |
The Blue Yonder Airlines network requires services to integrate Macintosh, NetWare, and UNIX users into their network while maintaining security.
For Macintosh users, Blue Yonder must use File Services for Macintosh to ensure that Macintosh users have access to the data stored on the BYDATA server by authenticating with the Windows 2000 network.
The NetWare resources at Consolidated Messenger should eventually be migrated to Windows 2000. You can use MSDSS during the premigration stage to ensure that user account passwords between NDS and Active Directory are synchronized. You must install FPNW on the BYDATA server so that NetWare clients at Consolidated Messenger can connect to resources using native NetWare clients.
Deploy the NFS components from Services for UNIX 2.0 to ensure interoperability for the UNIX installations. The NFS client allows Windows 2000 users to access scheduling and status reports on the UNIX NFS server. The NFS Server allows UNIX clients to connect to the BYDATA server using UNIX NFS clients. To ensure interoperability, deploy Two-Way Password Synchronization to maintain the same password on both systems and User Name Mapping to allow UNIX UIDs to be associated with Windows 2000 user accounts for providing authorization to data stored on the BYDATA server.
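Because User Name Mapping decides which Windows 2000 account a UNIX UID is authorized as, the mapping list is worth auditing before it goes live. The following is an added example, not part of the original lesson or of Services for UNIX: the passwd entries, the `BLUEYONDER` domain name, and the `DOMAIN\user=unixname` line format are constructed assumptions.

```python
# Added example: audit UNIX-to-Windows account mappings before deployment.
# Sample data is constructed; the "DOMAIN\user=unixname" format is hypothetical.
from collections import defaultdict

PASSWD = """\
root:x:0:0:root:/root:/bin/sh
sched:x:501:100:Scheduling reports:/home/sched:/bin/sh
status:x:502:100:Status reports:/home/status:/bin/sh
ops:x:503:100:Operations:/home/ops:/bin/sh
"""

MAPPINGS = """\
BLUEYONDER\\asmith=sched
BLUEYONDER\\bjones=status
BLUEYONDER\\cdoe=status
BLUEYONDER\\helpdesk=root
BLUEYONDER\\dlee=reports
"""

def parse_passwd(text):
    """Return {unix_name: uid} from passwd-format lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            users[fields[0]] = int(fields[2])
    return users

def audit(passwd_text, mapping_text):
    """Return mapping findings that affect authorization on the NFS share."""
    uids = parse_passwd(passwd_text)
    by_uid = defaultdict(list)          # uid -> Windows accounts mapped to it
    unknown, uid0 = [], []
    for line in mapping_text.splitlines():
        if "=" not in line:
            continue
        win, unix = (part.strip() for part in line.split("=", 1))
        if unix not in uids:            # mapping points at no UNIX account
            unknown.append(win)
            continue
        by_uid[uids[unix]].append(win)
        if uids[unix] == 0:             # Windows account would act as root
            uid0.append(win)
    return {"unknown_unix_user": unknown, "maps_to_uid0": uid0,
            "shared_uid": {u: w for u, w in by_uid.items() if len(w) > 1},
            "unmapped_unix_user": sorted(n for n, u in uids.items() if u not in by_uid)}

if __name__ == "__main__":
    print(audit(PASSWD, MAPPINGS))
```

Each finding marks a place where authorization on the share would not follow the individual Windows 2000 account: a shared UID makes two users indistinguishable to the UNIX side, and a mapping to UID 0 grants root-level file access.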
A number of services allow Windows 2000 networks to interoperate with heterogeneous networks in a secure manner. By deploying AppleTalk Network Integration Services, Microsoft Services for NetWare, or Microsoft Services for UNIX, you ensure that authentication and resource access by heterogeneous clients use the same security model as Windows 2000 clients.