Authenticate to a 2k server? PLEASE help with this, its a tough one.

[Direwolf20]

Background:

I have software on a bunch of workstation PC's (winXP) which is set up to look at my server via the UNC path \\servername\sharename. The thing is, the software doesn't have any way of logging into the server with a username/password, so the workstation PC that uses the software needs to authenticate to my server before it can use the software properly. We're running Novell, but novell is NOT on this particular server. The users have to change their novell password (and subsequently their PC password gets sync'd) every 30 days.

Current Method:

The current method is to create a drive mapping (telling it to reconnect at login), with a username and password (saved) for each user that never changes. The users are all created on my server as power users with the correct access to shares, yada yada yada. This works pretty well. I'm doing the drive map so they won't have to manually login to the server every day. There are currently 10 users, and i have to fix their drive mappings at least 2-3 people a week.

The problem :

We're going to be having 50-75+ users soon. For audit reasons, I now need the users to change their password on the server every 30 days. I figured I would instruct them on how to Ctrl-alt-delete, change password, select the share name, and yada yada. This, therefore, will cause the users to have to change the setup for their drive mapping (unmap the drive, remap the drive, type in the new password, and tell it to save). This, literally, is a NIGHTMARE. You guys know what the average "user" is like. I do NOT want to have to teach them all how to change their password on the server and then change their drive mapping setup.

Request:

Does anyone have either
A) A good, EASY way for users to change their password on a server from their workstation, and then get the drive mapping to stay. I figured I could have it NOT save the password on the workstation, and then have them keep the password on the server the same as their workstation password. That way when it maps, it uses the current login/pass. The problem is the users are not good at changing their passwords on time, and I know this will cause equally as many problems.

B) Another way to authenticate to a windows share. All the software needs is authentication to the server. It handles the rest. Is there ANY other way to authenticate to a windows share other than doing a drive mapping?

I know this is a long request, and if noone has any good ideas, its ok. I guess I'll figure something out. But you guys here usually tend to be pretty bright, so I figured I would post this here and request it. A huge THANK YOU in advance for even reading this.

 

[deuce868]

I think your best bet is to set them up to joind the domain and manage users with AD.

 

[j4zzee]

It sounds like NDS/eDirectory is your primary network with a windows app server and no domain?

Novell Account Management Tools, or it might be called eDirectory Account Management Tools now... I think can address your issues? not totally sure on this one

 

[oakfan52]

I would move to an AD domain then look at the suggestions in this thread. http://www.hardforum.com/showthread.php?t=764569 . What you want should be that hard to do.

 

[Direwolf20]

Yea, J4zzee has it right. We have most of our computers (users workstations and stuff) on a novell network (NDS). But the server that I want them to connect to does not have novell installed on it, and we really can't put it on.

I'd like to avoid AD if possible. I figured it could be done with that, but don't want to have to buy and set that all up for this one problem. We're already established with novell and don't really want to change.

Thanks for suggestions, I'll look into what you said J4zz.

J4zz, to your knowledge, does Novell's client need to be installed on my server to take advantage of eDirectory?

 

[ameoba]

Umm...

So you have NDS running on everything -except- this one server that holds some program & you want users to have to authenticate to get the programs off the server?

I see 3 options

* Join the server up with the rest of the systems on NDS
* Move the files to a server that's already set up with NDS.
* Set up the server to not require any auth.

Doing anything else becomes an ugly hack pretty quick.

 

[Direwolf20]

I agree ameoba. Believe me if I had my way, I would GLADLY choose any 3 of these options. However, because of our contracts and the way this system is setup, and the rules these people gave us for this system (read: weak system design) we HAVE to do it this way.

I think they expect most people to have AD setup, but we don't so their system doesn't work as cleanly. With AD this would be a breeze me thinks.

 

[Qualm]

This probably isn't a terribly helpful comment, but I would consider re-thinking your need to have users change their passwords every 30 days. In my experience forcing users to do that just makes them write their passwords down somewhere close at hand ... which makes this scheme LESS secure than forcing them to have an unchanging, but complex/lengthy password.

User-level security is also usually better done in other ways, like defining roles, departments, etc. and implementing security based on that rather than frequent password changes.

Just an aside.

- Qualm

 

[j4zzee]

...to your knowledge, does Novell's client need to be installed on my server to take advantage of eDirectory?

client32 does not have to be installed on the windows server to gain access to NDS resources. Client & Gateway services for Netware by Microsoft would allow you access netware files and your ndps printers on the server

The part I am not sure on is whether or not Novell's available tools can sync local workgroup accounts on a windows server that is not on a domain? If it is on a domain, Novell;s tools work great.

sorry I can't really give you an answer..