Solaris 10 8/07 added Active Directory (Windows authentication) support to Samba. This is great, because my organization recently consolidated our authentication systems/user files, so that users on Windows machines get the same files/etc that they would on our Linux and Solaris machines.
We chose Linux for the file servers, we set them up, and they just worked, out of the box. Unfortunately, NFSv4/Kerberos on these systems turned out to be a stability nightmare. When I started looking back at Solaris, I was extremely happy to see that Solaris was finally officially supporting ADS on Samba (no recompiling samba+openldap+mitkrb5...etc). I quickly loaded the machine up, copied our smb.conf over, and ran Samba's "net ads join" command. It connected to our Active Directory and generated all the principals as I would expect. I could mount and copy files on a Windows client with no trouble.

Unfortunately though, that means that Samba grabbed the "host/[EMAIL PROTECTED]" principal, which I need to use for NFS and other applications. It stored these in its secrets.tdb file, and did not create/add anything to the system-wide keytab (as it does on Linux Samba, especially with the "use kerberos keytab = true" configuration option). The "net ads keytab <ADD|CREATE|...>" command also completes successfully, but it does not write anything to the system-wide keytab. It seems to act more like a NO-OP command.

If I create another account in Active Directory with the "host/[EMAIL PROTECTED]" principal mapped to it (so there are duplicate entries), Windows will invalidate both entries, so it seems like this makes me have to decide whether I want to use Kerberos with Samba, or for everything else.

uname: SunOS 5.10 Generic_120011-14 sun4u sparc SUNW,Sun-Fire-V240, and I'm using the vanilla 10u4 Samba (3.0.25a).

Any advice?

Josh Lange
_______________________________________________
opensolaris-discuss mailing list
[email protected]
