The instructions here:
http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/
have been very helpful to me... obviously they are Linux specific but are a good jumping off point for Samba/Kerberos.

Watch how the pam files are set up on your distribution/flavor as there could be other things (like a system-operators file) or some such.

-rd

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of John Stoffel
Sent: Saturday, January 03, 2009 4:13 PM
To: Leon Towns-von Stauber
Cc: LOPSA Technical Discussions
Subject: Re: [lopsa-tech] AD integration with Unix

Leon> On Jan 2, 2009, at 10:24 AM, John Stoffel wrote:
>> I just don't want to have to support LDAP on Solaris 8 if I can
>> avoid it, though I guess it could be ok. Esp if we can easily
>> tweak and restrict access in various ways.
>>
>> Should I look at the Padl.com stuff again? I looked at it a while
>> ago, but they wanted a lot of money at the time. Maybe it's
>> changed... goes and looks.
>>
>> Hmm... looks like I can/should use either the nss_ldap, or the
>> pam_ldap modules. Anyone have comments on using these on Solaris 8-10
>> systems? Any issues?

Leon> I used both on Solaris 8 several years ago (2001), and they
Leon> worked well as a YP replacement. I thought I had the
Leon> documentation on what I did, but can't find it now. I could
Leon> probably dig up some config files if you need them, though.

That would be helpful if you can send them on. In my site, I'll be using LDAP to unify multiple domains, while still providing redundancy and tolerance to network outages.

Leon> The one thing I couldn't get working on Solaris 8 for some
Leon> reason was TLS encryption for the LDAP sessions. I ended up
Leon> using IPSec between hosts, which was surprisingly easy using the
Leon> bundled Solaris 8 tools (which have since changed). I do have
Leon> details on that here:
Leon> http://www.occam.com/security/

Thanks for the pointer.
I'm not going to worry as much about the TLS stuff, since I'm still stuck with NIS and its known issues too, along with NFSv3 as well. Heck, some users are still using telnet and ftp for stuff. So no, we're not very secure internally. We do need to work better towards that state though.

Thanks for the pointers, reading the docs shows me that I'll need *both* pam_ldap and nss_ldap in my setup, which isn't too bad at all.

Thanks,
John
_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
