[geeks] Authenticating Solaris 9 from AD

Phil Brutsche phil at tux.obix.com
Tue Sep 27 14:22:39 CDT 2005


geeks at litfire.com wrote:
> I'm looking into authenticating Solaris 9 users against an AD box we'd put
> into a colo.  From the looks of what I've Googled, there's either a mix of
> roll-your-own with OpenLDAP, Samba, Windows Services for UNIX, and
> shipped-with-Solaris bits, or Vintela's Vintela Authentication Services.
> I've seen some mentions that Win2003R2 will be better, but it seems like
> that's mostly a matter of SFU being integrated into 2003R2.
>
> I'm downloading the R2 RC0 trial version to play, but I was wondering if
> anyone had advice.

SFU (aka Services for UNIX), hands down.

Why?

a) 0 cost
b) It will be integrated with future versions of Windows Server (Windows
2003 R2 is just the beginning)
c) Simplicity - as an NIS server it Just Works

IME SFU Just Works when you use it as an NIS server. You use the
Active Directory DNS domain name as the NIS domain name.

Keep in mind that you will need to install SFU on ALL your domain
controllers. This will make them all NIS masters, btw.

The reason for that is that it updates the AD schema to include variants
of the standard RFC 2307 schema (the attributes are named differently),
and provides a mechanism to update the RFC 2307 attributes via ADUC. I
have the attribute mappings if anyone wants them.

LDAP via the PAM and NSS works as well, but is very slow compared to NIS.

-- 

Phil Brutsche
phil at tux.obix.com


