Solaris 10 and Active Directory
By baban on Mar 25, 2008
Check out the new BigAdmin article written by me and Wajih that describes how to integrate a Solaris 10 08/07 OS client with Microsoft's Active Directory using Kerberos and LDAP. In this article, the Solaris LDAP client uses "per-user authentication" (a.k.a. self-credentials), which means that name-service-related LDAP lookups are performed by binding to AD as the user who is requesting the corresponding information. Prior to Solaris 10 08/07, these lookups were done using a proxy account. The article shows how to configure Solaris as an LDAP client of an AD server that uses SFU, as well as of an AD server that has Identity services for Unix enabled.

The article uses a script called adjoin, which automates the process of joining a Solaris client to an AD domain. This script was originally written for the Winchester project by Nico Williams. Note that this script is a proof of technology and is not supported by Sun. Without this script, you will have to manually configure your Solaris system as a Kerberos client of AD. There is an OpenSolaris project that is currently integrating the domain-join functionality from the adjoin script into kclient(1M). See kclientv2.