Kyle McDonald wrote:
What are the prerequisites for CIFS/IDmap to use Directory based name mapping from an AD server?

  a) The CIFS server needs to join the domain, right?

Yes.

  b) Does the Name services switch need to be configured any particular way?
       ad? ldap?

No, though generally it may be desirable to add the "ad" name service provider so that ephemeral IDs are translated to n...@domain in things like ls output.

  c) Does Kerberos need to already be set up and working to join the domain?

Yes.  "kclient" does the trick.

  d) Even if the nsswitch.conf doesn't need ldap or ad, does LDAP need to be set up and working to join the domain?

No. All CIFS-related LDAP is internal to the CIFS and identity mapping subsystems and does not use any Solaris LDAP configuration.

A few additional tidbits:

If you can guarantee that for all users and groups the UNIX and AD names are the same (or that there is no corresponding user/group on the other side), you can configure Directory based name mapping to use one of the standard AD attributes, probably sAMAccountName. sAMAccountName is what the user interface calls the "Pre-Windows 2000 Logon Name".

If you cannot guarantee that the UNIX and AD names are the same - if, for instance, my AD name might be "jordan" while my UNIX name is "jb1234" - you will need to arrange to put the UNIX name into some AD attribute. You could perhaps abuse some existing AD attribute for the purpose, or could add a new attribute to your AD schema. You must then populate that attribute for all of the users you want mapped.

You *may* be able to use one AD directory for both your UNIX and Windows name service. To do so will require the optional "Identity Management for UNIX" component of AD. You will then need to have your UNIX systems either use the NIS maps exported by the "Server for NIS" component of AD, or directly use LDAP served by AD. We have not tested either of these configurations, and the required LDAP configuration is rather technical.

Hope that helps.

_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss