On Wed, Mar 05, 2008 at 08:47:15PM +0000, John Connett wrote:
> On Fri, 2008-02-29 at 07:10 -0800, Ross wrote:
> > Update:  It appears it's not even that, testing the CIFS server on another 
> > machine, it looks like you just need a reboot after setting it up.  So the 
> > whole process to enable CIFS on a brand new b82 box is:
> > 
> > - Install snv_82.  Configure kerberos, networking and DNC when prompted.
> > - Once installed, start the CIFS server and join the domain:
> >    # svcadm enable -r smb/server
> >    # smbadm join -u domain-user domain-name
> > - Reboot server
> > 
> > And then just create zfs filesystems and set sharesmb=on as needed.
> 
> I have been trying to join a snv 83a SPARC system to a domain, so far
> without success.  The system had a text mode initial install just
> preserving the slice that holds a zpool.  Networking and kerberos were
> configured during the install.  What is DNC?

DNC?

> Do I need to modify the kerberos configuration post-installation?  How
> about NTP, LDAP or PAM?

If what you want is an SMB server that can operate in an Active
Directory domain, then all you need to do is:

# vi /etc/krb5/krb5.conf #configure krb5
# svcadm enable -r smb/server
# smbadm join -u domain-user domain-name


> How does it compare with Scott Lowe's "Solaris 10-AD Integration"?
> 
> http://blog.scottlowe.org/2007/04/25/solaris-10-ad-integration-version-3/

Most of that is not applicable, but if you want more than just an SMB
server in an AD domain, such as being able to log in as a Windows user
but on a Solaris Express system, then you'll want to follow the notes on
how to set up nss_ldap to use SFU.

> I'm guessing that the LDAP configuration would need to be modified to
> specify the account in Active Directory that will be used to bind to
> Active Directory for LDAP queries.

Yes, but you don't need to set up nss_ldap if all you want is an SMB
server in an AD domain.

> Does idmap support using LDAP queries to extract UNIX attributes from
> Active Directory?

Not directly.  The idmap system provides you with several ways to map
Windows users and groups to Unix users and groups.

If you want to use SFU for these mappings then currently the only way to
do this is:

 - set up SFU
 - set up nss_ldap w/ SFU (see the URL you quoted)
 - set up name-based mapping rules mapping Windows user/group names to
   SFU Unix user/group names

Nico
-- 
_______________________________________________
storage-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/storage-discuss
