Doubts have arisen over whether Microsoft will support NT users who load Novell’s directory product NDS for NT.
Microsoft says Novell’s NDS for NT alters the Windows NT Server 4.0 directory and security infrastructure, though Novell strenuously denies this. “NDS for NT makes very serious changes to Windows NT Server,” says Microsoft New Zealand marketing manager Guy Haycock.
“As a result, Microsoft can’t provide technical support for security and authentication issues of any kind, and for blue screens where the SAMSRV.dll and SAMLIB.dll [dynamic link libraries] are in the stack trace.
“There may also be other scenarios that arise from the use of NDS for NT that have not yet been identified for which Microsoft cannot provide technical support.”
Microsoft revealed its policy in a document on its Web site, saying that NDS “replaces critical NT system DLLs associated with authentication and security”.
The statement goes on to say that replacing these DLLs can render the system less reliable and secure, can ruin upgrades from Windows NT Server 4.0 to 5.0, and can prevent the application of NT service packs.
However, Novell rigorously disputes this. In a counter-document on its Web site Novell says NDS for NT replaces only one DLL, the SAMSRV.dll.
On whether NDS for NT makes customers’ systems less secure, the document says: “On the contrary, NDS for NT replaces a single DLL on NT domain controllers, redirecting account information from the registry-based domain into NDS. NDS for NT does not impact any of the NT system security services, only a single DLL responsible for storing and fetching domain account information out of the registry. All NT authentication and security functions are handled by other systems within NT, and are not affected by NDS for NT.”
Novell New Zealand general manager Peter Revell says Microsoft’s intentions are more anti-competitive than technical.
Referring to the Microsoft document, he says: “There are blatant inaccuracies and blatant mistruths. The claims Microsoft has made regarding technical problems relative to NDS for NT are not true. Novell has fully tested the product and the Microsoft claims are apparently not well researched. The issues with regard to security are completely wrong. I just hope people don’t take this at face value.
“Microsoft doesn’t take such a view on other third-party applications for NT. The true basis for what it is doing is anti-competitive. People should talk to Novell to find out the real facts. I also encourage our mutual customers to voice their dissatisfaction to Microsoft regarding this issue.”
Novell’s Web-site counter-statement says, “We will especially support the one DLL that we have enhanced, the SAMSRV.dll, which allows NT Server and NT Server applications to take advantage of NDS. We will also try to answer any questions we can about the SAMLIB.dll, which we have not altered at all. As to any security-related concerns, we have wrapped NDS security around the domain information and left NT’s security model untouched.
“Novell and Microsoft have discussed technical training to provide Microsoft the information they need to support NT Server running NDS for NT. Novell support has extended an open invitation to Microsoft for the necessary NDS for NT support training and we will send someone to work with them provided the
The directive from Microsoft is clear: for a full directory service, wait until Microsoft releases its active directory service in the forthcoming version of Windows NT 5.0. This is now slated for the end of the year, but NT version 5.0 already has a history of delayed shipping dates.
Meanwhile, customers with mixed Unix, NetWare and NT environments are likely to be most affected by Microsoft’s policy. Novell’s NDS supports NetWare, most flavours of Unix and NT, enabling IT managers to bring all systems under one management platform. Even when it ships, Microsoft active directory will support NT only.