Initially, Novell NetWare was the only networking show in town. When people thought about PC networks and servers, NetWare was the first name that came to mind. Then Microsoft's Windows NT became the new kid on the block. This kid quickly became popular, putting Novell and Microsoft at odds. Microsoft claimed that NT was better than NetWare; Novell argued that NetWare had been the people's choice for years. So Novell and Microsoft tried to distinguish themselves by making their products incompatible.
As time passed, Novell and Microsoft realized that, because they were living in the same neighborhood, they needed to get along. Their customers sometimes had mixed networks, so Novell and Microsoft realized that they had to develop utilities that integrated the two networking environments to keep these customers and gain new ones.
Novell developed integration tools, such as Novell Directory Services (NDS) for NT and the 32-bit redirector for NT. Microsoft developed integration tools, such as Client Service for NetWare (CSNW), Gateway Service for NetWare (GSNW), Migration Tool for NetWare, and Services for NetWare 4.0, the focus of this article. To learn about the other integration tools, see the sidebar "Related Articles in Windows NT Magazine" (page 212).
Services for NetWare is an add-on product that provides enhanced multiprocessor support, Windows 95 remote administration tools, and other features. Before you learn about these features, you'll want to know about several capabilities built in to NT Server 4.0 and NT Workstation 4.0: NWLink IPX/SPX protocol, CSNW, GSNW, and the Migration Tool for NetWare.
NWLink IPX/SPX protocol.
NWLink is Microsoft's 32-bit implementation of the IPX/SPX protocol that NetWare servers use by default. Microsoft network clients can use NWLink to communicate with NetWare servers. Conversely, NetWare clients can connect to NT servers running NWLink to access client/server applications. Table 1 shows the protocols and services you need for interoperability between Windows and Net- Ware. All the tools that run on NT machines and that I describe here require NWLink.
This 32-bit NetWare redirector lets an NT workstation access file and print services on NetWare 2.x, 3.x, and 4.x file servers. CSNW supports NetWare 4.x NDS servers in NT 4.0. CSNW runs on NT workstations but not NT servers.
This service provides redirector capabilities (similar to those of CSNW), and it can act as a gateway to NetWare file and print services for any Server Message Block (SMB) client, such as Windows for Workgroups (WFW). GSNW runs on NT servers but not NT workstations.
When you run GSNW on an NT server, you can use NT as a gateway to NetWare 2.x, 3.x, and 4.x servers. When you run GSNW on an NT server, you get support for NetWare 4.x NDS servers. With this setup, you can browse NDS resources, get authentication by multiple NDS trees, process logon scripts, and use NDS printers.
If you have clients that require dual redirectors to connect to NT and NetWare servers (e.g., WFW clients), you can take advantage of GSNW. With this gateway service, you can access file and print services on NetWare with only one redirector. When GSNW is running on an NT server, Microsoft network clients do not need additional software on the client (i.e., the redirector) or the NWLink IPX/SPX protocol. They require a common protocol only with the NT server (e.g., TCP/IP).
Migration Tool for NetWare.
This utility lets you migrate NetWare users, groups, folders, files, and access control lists (ACLs) to an NT environment. You cannot migrate passwords because NetWare's Bindery is different from NT's Registry. However, the utility presents several options to handle passwords, making the migration easy.
You can run trial migrations with this utility. Several logs help you view the potential outcome and correct possible problems before you conduct the full-scale migration.
Services for NetWare
Before the release of NT 4.0, Microsoft offered File and Print Services for NetWare (FPNW) and Directory Service Manager for NetWare (DSMN) as separate products. Microsoft now packages the two products as Services for NetWare.
With DSMN, you need a client access license only if you are using NT Server basic network services. However, if you install FPNW, you must purchase a client access license for each NetWare client accessing an NT server running FPNW. Services for NetWare does not require a separate client access license.
An NT server running FPNW will look like a NetWare 3.12 server to NetWare clients. Thus, if you are running NetWare 2.x, 3.x, and 4.x (in bindery emulation), you can seamlessly integrate NT servers in your existing environment without modifying the NetWare client software. This seamless integration benefits NetWare shops in many ways. The shops can use FPNW during their migration from NetWare to NT. Or if shops want to take advantage of NT Server's features without giving up their NetWare environment, they can use FPNW to integrate NT into their existing networks. In such a network, NetWare clients can use NT Server's file and print services. They can print to a NetWare-compatible printer attached directly to the network that the NT server services, or they can print to a local printer attached to an NT server that acts as a print queue. NetWare clients can also use various NT solutions, such as Services for Macintosh, SQL Server, SNA Server, and Remote Access Service (RAS). They can even take advantage of Internet Information Server (IIS) and FrontPage for intranet solutions.
An NT server running DSMN lets you manage a mixed environment of NetWare and NT servers from a central location. DSMN supports NetWare servers running 2.x, 3.x, and 4.x (in bindery emulation), and you don't have to install additional software on those servers for DSMN to work.
An important feature of DSMN is single-point administration of user accounts. If you have only NetWare 2.x or 3.x servers and have not switched to NetWare 4.1 and NDS, you probably have numerous duplicate user accounts. DSMN lets you consolidate NetWare 2.x and 3.x binderies into an NT domain, so you need just one user account and password for each network user.
DSMN supports remote administration from an NT or Win95 machine. When you install Services for NetWare, the setup program installs 32-bit User Manager and Server Manager tools for remote management. You can then use an NT or Win95 remote machine on your LAN or a remote dial-up service to manage your users and group accounts. If you are using a Win95 machine, DSMN will prompt you to re-enter your password when you log on because Win95 is not as secure as NT. This extra security measure prevents unauthorized users from administering the network.
Although remote administration can be handy, it also can be problematic. If you use previously released versions of remote administration tools when working with Services for NetWare, these tools can corrupt the NetWare-compatible user accounts on your FPNW servers. Use only the updated versions on the Services for NetWare CD-ROM.
You might encounter another problem if you are running DSMN on NT Server 4.0. If you use User Manager for Domains to view, add, or modify the dial-in properties of a user, NT 4.0's rassapi.dll will cause NT to delete that NetWare user account from all servers that NT is managing. Microsoft discusses this problem and its fix in the article "DSMN RAS Dial-in Properties Deletes NetWare Compatibility" (article Q169822) at http://support.microsoft .com/support/kb/articles/q169/8/22.asp.
Another important feature of DSMN is trial synchronization. After a trial synchronization, you can read the logs and correct any errors. Once you are satisfied with the trial results, you can run the full-scale synchronization.
DSMN makes life easier for network administrators and users. Users need to remember only one account name and password. They can access file and print services on NetWare and NT servers with a single logon. They can even use NT's chgpass utility to simultaneously change their password on NT and NetWare because DSMN propagates the change to the NetWare servers.
Installing and Configuring FPNW
Although Services for NetWare packages FPNW and DSMN together, you need to install them separately. FPNW's installation is the more complicated of the two.
Do not install previous versions of FPNW on NT Server 4.0. You should run only FPNW 4.0 or later. Microsoft provides FPNW 3.51 on the Services for NetWare CD-ROM only for backward compatibility.
To install FPNW, open Control Panel, Network. On the Services tab, click Add. In the Select Network Service dialog box, click Have Disk, even if you see File and Print Services for NetWare in the Network Service list. Insert the Services for NetWare CD-ROM, type the path to it, and click OK. Select File and Print Services for NetWare, and click OK. A screen showing FPNW's installation options will appear.
As Screen 1 shows, you first need to specify where FPNW can create its directory structure. The default SYSVOL directory is similar to NetWare's SYS direc- tory structure and contains the subfolders \SYSVOL, \PUBLIC, \LOGIN,\MAIL, and \SYSTEM. The directory you specify must be on an NTFS volume. Otherwise, you can't take advantage of NTFS's file- and directory-level security.
Next, in the Server Name dialog box, enter the name (in capital letters) of the server that will run FPNW, followed by _FPNW. In the example in Screen 1, FPNW will run on a server named dolphin so the Server Name entry is DOLPHIN_FPNW.
You must type the Supervisor Account's password and confirm it. If you are installing FPNW on a domain controller, you will also need to enter an FPNW account password. This account runs the FPNW service.
Finally, choose one of three tuning options. If you select Minimize Memory Usage, FPNW's performance will slow. You might choose this option if you plan to use the server for something other than file and print services (e.g., running server applications). If your server is pulling double duty (e.g., running applications and providing file and print services), select Balance between Memory Usage and Performance. For situations in which the server is primarily a network file and print server, select Maximize Performance so that FPNW will use more memory than the rest of the system resources.
During installation, FPNW automatically adds several extensions that let you secure access to volumes and manage user connections. These extensions are available under File Manager, User Manager, and Server Manager on your NT server. After installation is complete, you can configure FPNW by going to the Services tab in Control Panel and selecting Network, File and Print Services for NetWare, Properties.
You can use User Manager for Domains to set up and maintain user account information. For example, as Screen 2 shows, you can set account information that applies to users logging on from NetWare clients. If you select Maintain NetWare Compatible Login in the User Properties dialog box and you select the NetWare Compatible Password Expired check box in the NetWare Compatible Properties dialog box, users must change their password at their next logon from a NetWare client machine. If you select the NetWare Compatible Password Expired option, make sure the users have at least one grace logon so that they can log on and change their password. In addition to specifying the number of grace logons, you can limit users' concurrent connections to the server and edit users' personal logon scripts. (Do not use the Edit Login Script button to edit a server's system login script. Instead, use Notepad or another text editor to edit NET$LOG.DAT, which resides in the SYSVOL\PUBLIC folder.)
When configuring the various FPNW options, you need to make sure you don't select two mutually exclusive options: the Users Must Log On In Order To Change Password box in Account Policy and the User Must Change Password at Next Logon box in User Properties. If you select both, users cannot change their password after they log on to the server.
Before you install DSMN, you need to make sure that GSNW is installed on the same machine where you will be installing DSMN. By default, DSMN lets you synchronize user accounts between NT server domains and NetWare 2.x and 3.x servers only. To add NetWare 4.x servers running in bindery emulation, you must modify the Registry. In the Registry setting \HKEY_LOCAL_ MACHINE\SYSTEM\CurrentControlSet\ Services\MSSYNC\Parameters, you need to add the Allow4X value (REG_DWORD data type) and set its data to 1.
You install DSMN like you did FPNW, except that you select Directory Service Manager for NetWare from the Services for NetWare CD-ROM and provide a DSMN user account password. DSMN will start automatically after you reboot. DSMN runs only on Primary Domain Controllers (PDCs), but you can install it on any domain server. Installing DSMN on one or more Backup Domain Controllers (BDCs) for fault tolerance is a good idea. You can also install DSMN administrative tools so that you can remotely run DSMN on any domain server on your network. You install this option by selecting the Directory Service Manager for NetWare Administrative Tools Only option from the Services for NetWare CD-ROM.
After installing DSMN, you copy NetWare user and group information to NT Directory Services so that you can maintain one user account and password for each network user. These NetWare-compatible user accounts adhere to the account policy of the NT Server domain.
You maintain user accounts from NT's User Manager for Domains. DSMN then propagates changes to the NetWare servers. DSMN gives you several options for setting up initial passwords, handling account deletions, and selecting which accounts to propagate.
A Winning Combination
Microsoft and Novell have finally learned to get along. Novell offers several products that integrate NT in a NetWare environment, thus enhancing your NetWare network with NT features. Microsoft also offers several tools to enhance interoperability. Microsoft bundled some of these utilities, such as CSNW, GSNW, and Migration Tool for NetWare, with NT 4.0. Others, such as FPNW and DSMN, are add-ons.
Because Microsoft and Novell are getting along, companies are no longer forced to make an all-or-nothing decision if they like the features of both NT and NetWare. These companies can take advantage of both systems' features. They can also avoid high migration costs and help lower operating and management costs by eliminating duplication of effort. Whether the companies use Services for NetWare or another integration tool, they will find comfort in knowing that their NT and NetWare servers can work alongside one another.