Re: Solaris 9 authentication and access control into Active Directory

From: Kai Howells (kai_at_rocketcat.info)
Date: 09/15/04

  • Next message: Ted Rodriguez-Bell: "RE: Solaris 9 authentication and access control into Active Direc tory"
    Date: Wed, 15 Sep 2004 16:12:26 +1000
    To: Erwin Fritz <efritz@GLJA.com>
    
    
    

    Okay, basically I don't believe that what you want to do can be done
    out of the box.
    I've done a fair bit of work along these lines, except using Mac OS X
    to auth to AD.

    The most reliable way to do it is to extend the schema in AD to add a
    few essential Unix fields, like UID. Alternatively, if you're actually
    on OS X (not Solaris) there's some 3rd party software that helps things
    greatly, but that's no help to this discussion.

    The main problem with this (extending the schema) is that it scares the
    MCSEs - never mind that installing Exchange adds another 100+ objects
    to the schema, it all happens behind the scenes.

    On this page: http://www.shukwit.com/index.php is a whole heap of stuff
    from a dude at Apple who's delving far deeper into AD/LDAP than I ever
    want to go, but he's come up with some scripts that are pure gold.
    There are even some DLLs that extend the manage Users thingy in Windows
    Server to add another pane to the window with the Unix/Mac specific
    fields so you can easily populate them, as well as scripts to add the
    necessary changes to the AD schema.

    Now, I've used all this with Mac OS X, and it seems to work quite well
    in my test environment, but haven't tried to use Solaris to auth to it,
    although *in theory* it should all work =)

    Cheers,
    Kai

    
    


