RE: your mail

Dale E. Reed Jr. ( (no email) )
Wed, 18 Feb 1998 11:33:46 -0800 ()

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Previous message: Christian Schmit: "Cold Fusion or ASP"
Next message: Dale E. Reed Jr.: "Re: Cold Fusion or ASP"
In reply to: Seth Crimmins: "RE: your mail"

On Wed, 18 Feb 1998, Seth Crimmins wrote:

> It is not possible (without causing a great deal of work) to not use SAM
> when using NT. I have IMail server and RADIUS that needs a user list. And
> my FTP service requires a user list, and the WebPage directories need
> permissions set on them for each user, which can only be obtained from the
> SAM. I don't see how you can run NT without a SAM? I realize there are
> other "advanced" OSes but that is not an option in my case.

If you are talking about your particular installation, then sure.
But your statement above "when using NT" is then mis-leading.
We have tons of customers NOT using the NT SAM and "using NT".
Our solution is more scaleable, more robust, and more secure (and
much less troublsome). Also, we are not talking about Running
NT w/out SAM itself, just all the applications and users (like
Mail, FTP, RADIUS, etc).

> I guess my original letter would be more understandable, if I got into
> detail. What I am doing is writing a function that first adds a user to the
> domain, then adds them to certain groups on the domain, then creates a
> directory for their web page, then sets permissions for that directory. I
> have this procedure written and "working", it is just that setting
> permissions sometimes does not work because the system doesn't think the
> user exists "yet". It can take anywhere from 2 seconds to 2 minutes.
> (Setting a 2 minute timer is ridiculous)

In your implementation, you are creating a security issue when
you add users to the NT SAM. With Emerald, everything authenticates
from a SQL Server database, therefore the users are NOT in the
NT SAM. Your applications (like FTP, Mail etc) run as a minimal
access user. They use information out of SQL Server to allow
access to files, etc. It doesn't require changing permissions
every time you add a user. It just always makes me cringe when
someone says they are using the NT SAM for this stuff. :(

Dale E. Reed Jr. (daler@iea-software.com)
_________________________________________________________________
IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
Internet Solutions for Today | http://www.iea-software.com

Previous message: Christian Schmit: "Cold Fusion or ASP"
Next message: Dale E. Reed Jr.: "Re: Cold Fusion or ASP"
In reply to: Seth Crimmins: "RE: your mail"