Re: Solaris 9 authentication and access control into Active Directory

From: Kai Howells (kai_at_rocketcat.info)
Date: 09/15/04

  • Next message: Ted Rodriguez-Bell: "RE: Solaris 9 authentication and access control into Active Direc tory"
    Date: Wed, 15 Sep 2004 16:12:26 +1000
    To: Erwin Fritz <efritz@GLJA.com>
    
    
    

    Okay, basically I don't believe that what you want to do can be done
    out of the box.
    I've done a fair bit of work along these lines, except using Mac OS X
    to auth to AD.

    The most reliable way to do it is to extend the schema in AD to add a
    few essential Unix fields, like UID. Alternatively, if you're actually
    on OS X (not Solaris) there's some 3rd party software that helps things
    greatly, but that's no help to this discussion.

    The main problem with this (extending the schema) is that it scares the
    MCSEs - never mind that installing Exchange adds another 100+ objects
    to the schema, it all happens behind the scenes.

    On this page: http://www.shukwit.com/index.php is a whole heap of stuff
    from a dude at Apple who's delving far deeper into AD/LDAP than I ever
    want to go, but he's come up with some scripts that are pure gold.
    There are even some DLLs that extend the manage Users thingy in Windows
    Server to add another pane to the window with the Unix/Mac specific
    fields so you can easily populate them, as well as scripts to add the
    necessary changes to the AD schema.

    Now, I've used all this with Mac OS X, and it seems to work quite well
    in my test environment, but haven't tried to use Solaris to auth to it,
    although *in theory* it should all work =)

    Cheers,
    Kai

    
    


