On Tue, Apr 01, 2008 at 10:02:58AM -0700, Natalie Li wrote:
> Logging in your Solaris system as AD users is currently not supported.
> This is outside the scope of the smbadm CLI.
> I'll let Nico Williams comment on that.

You can log on as users from *one* domain in your forest if you:

a) set up SFU
b) set up nss_ldap w/ schema mapping (there's now a BigAdmin article on
   how to do this)

To fully support logging in to Solaris as a user from anywhere in the
forest (and even trusted forests) will require significant amounts of
work. Specifically it will require:

- nss_ad (a name service module that can resolve user/group names
qualified with a domain name from across a forest)
- making tmpfs allow ephemeral IDs
- using ZFS for /var/tmp
- changing/replacing /var/adm/lastlog so it can deal with ephemeral IDs
- changing consumers of /var/adm/lastlog
- removing username length limits that abound in Solaris
- fixing/replacing utmpx so it can deal with very long usernames
- fixing/extending/replacing archivers that store usernames and have
similar length restrictions
- adding new / fixing existing system calls for dealing with large SID
lists in access tokens
- allowing use of ephemeral IDs in various system calls
- ...
All doable. All yet to be done.
Nico