ATTN: Network Admins: Restrict access to Win98 machines via LDAP


SickBoy
08-22-01, 12:42 PM
Hi All-
For those of you who know a little about LDAP's and Windows logons, I've got a dilemma.

The computer lab I work in at school is only for certain students - business, math and computer science majors and also for students in classes in those areas who are given permission to use the lab. These are 36 Win98 machines. What I would like to do is set up an LDAP server in our server room, running Windows NT or 2000 and Netscape Directory Server. I would like to set up this LDAP and give each student (who has lab permissions) his or her own logon name and password to use these computers. Then, in turn, the general strategy is to set up Windows 98 to authenticate logins from the LDAP, not locally, and disallow any logins that are not valid users in the LDAP. I know Win2K has an authentication scheme to accomplish this but unfortunately our school does not have the budget to go to Windows 2000 or NT on all these machines.

Is there a program I can use to do this? Or some setting in Windows Networking properties? Ideally the users would just be able to log in and log out of Windows and that the machines would not have to be restarted. Any help would be appreciated. Thanks.

SickBoy

madnod
08-23-01, 02:58 PM
first i am a MCSE student, i've got my MCP and i've finished all core courses (4 courses) and now i am taking my electives.
so now as i've understood, u wanna have a domain authentication in a workgroup environment. this can't be done!
and i don't know what u mean by an LDAP server; the LDAP (lightweight directory access protocol) is a protocol used to register services in the DNS server so that computers can allocate the required server to achieve a certain task (mail, domain controller, etc...).
and i think u mean users account database not the LDAP.
sorry i don't know how to solve ur problem but ur probably asking from win98 more than it can handle.
i finally really recommend u to go for a win200 server solution, it's so powerful and "easy" to operate and u will have a clearer and more stable environment to work with.
hope that i helped.
see ya

SickBoy
08-23-01, 04:41 PM
Originally posted by SickBoy
I know Win2K has an authentication scheme to accomplish this but unfortunately our school does not have the budget to go to Windows 2000 or NT on all these machines.

Nope. Can't go to Win2K. That's why I am asking for help, maybe someone knows of a 3rd party solution. Thanks.

:rolleyes: :mad:

Superman53142
08-23-01, 05:05 PM
My old school did something like this! They had Win95 and a WinNT server and used some third party's authentication program to make scripts for different users. I will try to remember the name of the program.

UnseenMenace
08-24-01, 07:06 PM
This Might Help (http://www.freewarefiles.com/programs.php?ProgramID=1419&categoryid=9&subcategoryid=95) but who knows

SickBoy
08-26-01, 03:50 PM
Thanks for the tip, Unseen..... I'll see what I can do with it.

SickBoy

su root
08-28-01, 04:34 PM
My School used win95 machines w/ WinNT4 domain logins.
They used the policy editor to lockout anything we shouldn't be using, and used something called KIX to create a profile and write stuff to the user profile during the NT logon script.

SickBoy
08-28-01, 07:24 PM
I like your name, su root.....

Did a little Unix stuff this summer for my internship and I finally got SU2 privileges at the end of the summer...

SickBoy

su root
08-28-01, 10:53 PM
I want to get it on my licence plate :)

Paiynn
08-31-01, 12:00 PM
I'm kind of lost where you are. Are these 36 machines connected to a server anywhere? Or do they just use a workgroup?

SickBoy
08-31-01, 01:25 PM
They're on a Novell network I think.....

Paiynn
08-31-01, 05:54 PM
Well if you didn't mind segregating them from the Novell end, it would be very simple to add an NT/2K server to the segment and use it to authenticate the 36 machines with user level shares. I'm still kind of lost at what kind of security you're trying to implement. If they're on a Novell network, you could just as easily authenticate on that system, or is that a server that you don't have admin to? I'll try to help if I can! :)

SickBoy
08-31-01, 06:19 PM
They have machine-specific Novell logins.... each student does not have a Novell login. And no, I don't have admin access to Novell. I can unlock individual machines to adjust settings and stuff but not full admin access. I just need a program that locks the screen or something so the computer can't be used until a valid username and pass is entered. And hopefully it would connect to some sort of central server to authenticate so that we wouldn't have 36 separate lists of users to update. So that's my problem. We can't install any other OS. In fact, our budget is so small that we almost can't afford printer paper. SOOO.... that's the story

Superman53142
08-31-01, 06:21 PM
In case anybody cares, the program my school district uses is called Visual Casel Utilities. The Win95 computers log onto a WinNT server and the WinNT server writes the desktop and start menu for the machine.

Paiynn
08-31-01, 06:38 PM
Sounds like you're kind of stuck, I don't know of any app that will do restrictions with a central admin without running through a server to begin with.

There's a program called Full Control located here: http://www.bardon.com/fullctl.htm It implements restrictions upon startup but it has to be set up through the user manager for a login.bat to execute. Sooo, no 2k/NT = no Full Control

You could do policy editor on a server or locally, but same thing for that, if you want it managed centrally, it has to be done through a server, otherwise it's run on each individual machine which = much admin.

UnseenMenace
08-31-01, 07:09 PM
How about password protecting the screensaver and putting a shortcut to the screen saver in the 'startup' folder so that it starts as soon as Windows boots? That in itself is a little more secure than the Windows 98 login screen password (mind you, a packet of crisps is more secure) and offers you limited security

Just an idea

SickBoy
08-31-01, 08:17 PM
We tried the screensaver thing... people didn't have any shame about sharing passwords... we were hoping that if they were using their email password to log on that they wouldn't share.