Solaris 10 and Active Directory

Check out the new BigAdmin article, written by me and Wajih, that describes how to integrate a Solaris 10 08/07 OS client with Microsoft's Active Directory using Kerberos and LDAP.

In this article, the Solaris LDAP client uses "per-user authentication" (a.k.a. self-credentials), which means that name-service-related LDAP lookups are performed by binding to AD as the user who is requesting the corresponding information. Prior to Solaris 10 08/07, these lookups were done using a proxy account. The article shows how to configure Solaris as an LDAP client of an AD server that uses SFU, as well as of an AD server that has Identity services for Unix enabled.

The article uses a script called adjoin, which automates the process of joining a Solaris client to an AD domain. This script was originally written for the Winchester project by Nico Williams. Note that this script is a proof-of-technology and is not supported by Sun. Without this script, you will have to manually configure your Solaris system as a Kerberos client of AD. There is an OpenSolaris project that is currently integrating the domain-join functionality from the adjoin script into kclient(1M). See kclientv2.
Comments:

Finally! I'd been asked about this a couple of times and the answer was always troublesome. This is definitely a nice-to-have.

Posted by Oscar on March 25, 2008 at 11:27 AM PDT #

About

baban
