[geeks] Authenticating Solaris 9 from AD

velociraptor velociraptor at gmail.com
Tue Sep 27 16:26:59 CDT 2005


On 9/27/05, Phil Brutsche <phil at tux.obix.com> wrote:
> velociraptor wrote:
> > My investigation suggested that sufficient changes were necessary
> > to the AD schema that it would be a nightmare unless the enterprise
> > size was large enough for the additional work to make sense.  In
> > particular, since there had been no attempt to "normalize" UNIX vs
> > Windows UIDs, etc., in our environment, a lot of work would need to
> > be done.
>
> For reference, Services for UNIX (aka SFU) does all that for you :) The
> 2 tricks to remember are that:
>
> a) SFU needs to be installed on ALL the domain controllers
> b) You need to manually set the posix attributes (gid, uid, shell, etc)
> in Active Directory Users and Computers. It could probably be done manually

Given that: "they" (Windows guys) have 500+ machines (2k servers,
too, not 2k3 servers), SFU would have to go through a tech review
before we could implement, and, finally, that I would have to "educate"
them to do the last part (gid, uid, &c), it really wasn't worth it for my 50
servers and 30 users.  I was also warned off that path by my network
architect for unspoken political reasons.

But, when it gets down to brass tacks, I'd rather learn Kerberos and/or
LDAP and keep my team focussed on what they do--UNIX.

=Nadine=


