Let me understand if I did it in the right order. I did the following:
I have Windows 2003 R2 with the rfc2307 extensions installed. User name XXXX has a Windows account in the Active Directory and also a POSIX account enabled. This means user name XXXX has a uid, uidNumber, gid, gecos, UnixHomeDirectory, LoginShell etc. configured.

On the OpenSolaris machine named Filer I configured resolv.conf to point to the Windows 2003 Server. I configured Kerberos so I can authenticate using the Kerberos protocol. To test it I ran the command kinit "[email protected]" or "kinit Administrator" and this seems to work fine (klist shows the active ticket). It is also working for user XXXX.

Now I configured the ldap client and the dns client under svcadm to the enabled state. The ldap client was configured using the ldapclient command so it could map to the correct attributes in the AD. It is mostly based on the parameters you can find here: "http://blog.scottlowe.org/2006/08/15/solaris-10-and-active-directory-integration/"

After this I edited nsswitch.conf to include the ldap parameters only for the passwd and shadow maps. The hosts entry has the files and dns parameters. I can ping and resolve the Windows Domain Controller.

In this step I checked to see if I can resolve users from the Active Directory. I ran the command 'getent passwd XXXX' and managed to get the attributes from the Active Directory, so the ldap client seems to work just fine. I'm getting the username, UID, GID, login shell, home directory and the gecos parameters. Just note that the id command also worked.

Now I configured pam.conf so users can log in to the machine using Kerberos. I checked it and users from Active Directory can log in to the server using their username and password stored in the Active Directory. (I'm not sure this is needed to have a CIFS server, but just in case you wonder.)

Now the hard part: I added the machine to the Windows domain using the command '/usr/sbin/kclient -T ms_ad' or 'smbadm join -u Administrator Domain'. Join was added successfully without the DDNS option.
I had to add the machine IP to the DNS manually.

Now I have started the cifs services on the OpenSolaris machine and logged in to a Windows XP machine in the domain using the user XXXX. When trying to connect to the OpenSolaris machine using cifs (Windows -> Start -> Run -> \\opensoalris) I can't get to the share. A popup window appears asking for user and password. I tried everything and nothing seems to work: rona with password, Domain\rona with password, DC\rona with password, but nothing is working. On the console I notice that user XXXX is considered as guest.

My question here is: what do I need to configure in the idmap? Do I really need to configure the ldap client in the first place, or is it not necessary? You recommend using this, but this also doesn't work:

    svccfg -s svc:/system/idmap setprop config/directory_based_mapping=astring: idmu

Can you point me to how to configure OpenSolaris in a Windows domain? I'm going crazy - 4 days and still nothing :-(

I'd like to take this opportunity to wish you a happy Christmas.

10x
Sassy
