Afshin,

I am coming to grips with the various terms, so please bear with me.

What I want to currently prototype is the following:-
- osol server authentication using kerberos against AD. User repo only on AD
- retrieval of user and group attributes from AD.
-- ie getent or other similar calls on solaris would give me the uid, gid set on AD - password resets done on AD would be reflected on the osol side when the user attempts to authenticate.

It seems that this setup was originally done using a script called ADjoin (now deprecated) and is now done via kclient
Q) Does this much work today ? either in 2009.06 or later ?

I am presuming that what you describe as not currently supported is the following
- AD is domain controller and is used for authentication
- OpenSolaris server is a CIFS (SMB) server operating in domain mode

If that is so, then I presume that the CIFS capability works today in workgroup mode where users repository is on the osol side.

Please validate

thank you
sundeep

On 05/11/10 04:37 PM, Afshin Salek wrote:
Kerberos authentication for SMB users connecting to Solaris SMB server
is under development, so it's not currently supported.

Afshin

On 05/11/10 02:27 PM, sundeep dhall wrote:
Hi Alan,

Thank you for the flag.
I am downloading b134 from genunix.org

I have setup AD on Win2008r2 as well as DNS

The intent is to show that users will be created in AD
Once osol is integrated with the AD as a kerberos client for
authentication, users will be able to login into osol via their auth to AD.

I have skimmed through the docs on setting up kerberos client for AD
http://docs.sun.com/app/docs/doc/819-3321/ggtwg?l=en&a=view

Q1) I am presuming that perhaps prior to this, the only step required on
the osol side would be to
setup nsswitch.conf and resolv.conf.

Is that correct ?

Q2) How does the CIFS setup on domain-mode work in conjunction to the
above methodology ?
http://docs.sun.com/app/docs/doc/820-2429/configuredomainmodetask?l=en&a=view


Is that a 2ndary step I could do to show CIFS file sharing, or do the
latter steps call kclient internally ?

thank you
sundeep



On 05/11/10 03:20 PM, Alan Wright wrote:
On 05/11/10 08:34 AM, sundeep dhall wrote:
All,

Intent is to demonstrate OpenSolaris2009.06 authentication with AD on
Win2008r2 and UID, GID access based on user creation in AD

For use with Windows, it would be better to upgrade to something
more recent than OpenSolaris 2009.06. The SMB support in 2009.06
is broken.

Alan

I am reading up on the following for kclient
http://docs.sun.com/app/docs/doc/819-3321/setup-341?a=view

But my question is more on the AD side.
I have setup AD on the demo machine.

Q) In 2003, there was a SFU that enabled the AD to have the schema
for unix
Is a similar setting required for 2008 ?
Pointers to where this needs to be done would be appreciated.

thank you
sundeep


_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss

