Solaris 10 and Active Directory
Check out the new bigadmin article written by me and Wajih that describes how to integrate a Solaris 10 08/07 OS client with Microsoft's Active Directory using Kerberos and LDAP. In this article, the Solaris LDAP client uses "per-user authentication (a.k.a. self-credentials)" which means name service related LDAP lookups are performed by binding to AD as the user who is requesting the corresponding information. Prior to Solaris 10 08/07 these lookups were done using a proxy account. The article shows how to configure Solaris as a LDAP client of AD server that uses SFU as well as of AD server that has Identity services for Unix enabled. The article uses a script called adjoin which automates the process of joining Solaris client to a AD domain. This script was originally written for the Winchester project by Nico Williams. Note that this script is a proof-of-technology and not supported by Sun. Without this script you will have to manually configure your Solaris system as a Kerberos client of AD. There is an Opensolaris project which is currently integrating the domain-join functionality from the adjoin script into kclient(1M). See kclientv2.
![[RSS Newsfeed]](/themes/sotto/images/valid-rss.png)
![[This is a Roller site]](/themes/sotto/images/roller-logo.gif){kind=logo}
Finally! I'd been asked about this a couple of times and the answer was always troublesome. This is definetly a nice-to-have
Posted by Oscar on March 25, 2008 at 06:27 PM PDT #