Re: Solaris 9 authentication and access control into Active Directory
From: Kai Howells (kai_at_rocketcat.info)
Date: Wed, 15 Sep 2004 16:12:26 +1000 To: Erwin Fritz <efritz@GLJA.com>
Okay, basically I don't believe that what you want to do can be done
out of the box.
I've done a fair bit of work along these lines, except using Mac OS X
to auth to AD.
The most reliable way to do it is to extend the schema in AD to add a
few essential unix fields, like UID. Alternatively, if you're actually
on OS X (not Solaris) there's some 3rd party software that helps things
greatly, but that's no help to this discussion.
The main problem with this (extending the schema) is that it scares the
MCSEs - never mind that installing Exchange adds another 100+ objects
to the schema, it all happens behind the scenes.
On this page: http://www.shukwit.com/index.php is a whole heap of stuff
from a dude at Apple who's delving far deeper into AD/LDAP than I ever
want to go, but he's come up with some scripts that are pure gold.
There are even some DLLs that extend the manage Users thingy in Windows
Server to add another pane to the window with the Unix/Mac specific
fields so you can easily populate them, as well as scripts to add the
necessary changes to the AD schema.
Now, I've used all this with Mac OS X, and it seems to work quite well
in my test environment, but haven't tried to use Solaris to auth to it,
although *in theory* it should all work =)
- application/pkcs7-signature attachment: smime.p7s