Authenticate AIX users from MS Active Directory Post: 302479923

Sponsored Content

Operating Systems AIX Authenticate AIX users from MS Active Directory Post 302479923 by kah00na on Monday 13th of December 2010 09:32:38 AM

12-13-2010

Registered User

These steps use Kerberos for only setup password authentication. This is not an LDAP connection, therefore, none of the user attributes are pulled from it. This solution is good for those that only want password centralization. If you want to use LDAP authentication, then the UIDs and GIDs have to match across systems, you have to involve the Windows administrators to get the AD server configured for your users, and various other tasks have to be performed. This method allows you, as the AIX admin, to be able to have your users authenticate their password from the AD with minimal effort and gets you out of the "I can't remember my password" game. Also, since you are only installing software and adding a second authentication method, there is no down time and you an switch users back and forth between local and AD authentication with only one command.

These 2 Users Gave Thanks to kah00na For This Post:

kah00na

View Public Profile for kah00na

Find all posts by kah00na

6 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Compiling Samba from Source on AIX, Active Directory, LDAP, Kerberos

Hello, I asked this question in the AIX subforum but never received an answer, probably because the AIX forum is not that heavily trafficked. Anyway, here it is.. I have never had any issues like this when compiling applications from source. When I try to compile samba-3.5.0pre2, configure runs...

2. UNIX for Dummies Questions & Answers

control permissions for Active Directory users on AIX

Hello, I've configured an user authentication against Active Directory (Windows Server 2008 R2) on AIX V6 with LDAP. It works fine. And here's my problem: How can I control ldap user permissions on the local AIX machine? E.g. an AD user should be able to write all files of local sys...

3. Proxy Server

Solaris 11.1 login authenticate with windows active directory

Hi, is that possible to login to solaris 11.1 authenticate with windows active directory? the user id is created in the windows active directory. Environment: Solaris 11.1 Windows 2012 Active Directory

4. UNIX for Advanced & Expert Users

Windows AD users authenticate to Linux

Hello folks, Please advise me what is the best way to authenticate Windows AD users against Linux machines. Currently I am going to take a look of Vintela Authentication Services and please let me know if you have experience with VIntela. Thanks in advance

5. AIX

AIX 7.1 - Samba 4 File Shares and Integration with Active Directory Issues

Hi. Ive recently upgraded Samba on an AIX server to Samba 4. The aim is to allow a specific group of Windows AD users to access some AIX file shares (with no requirement to enter passwords) - using AD to authenticate. Currently I have: Samba 4 installed ( and 3 daemons running) Installed...

6. AIX

Samba 3.6 on AIX 7.1 - Windows 10 Access to AIX file shares using Active Directory authentication

I am running AIX 7.1 and currently we have samba 3.6.25 installed on the server. As it stands some AIX folders are shared that can be accessed by certain Windows users. The problem is that since Windows 10 the guest feature no longer works so users have to manually type in their Windows login/pwd...

LEARN ABOUT OPENSOLARIS

ad(5)							Standards, Environments, and Macros						     ad(5)

NAME

       ad - Active Directory as a naming repository

DESCRIPTION

       Solaris clients can obtain naming information from Active Directory (AD) servers.

       The  Solaris  system  must first join an AD domain and then add the ad keyword to the appropriate entries in the nsswitch.conf(4) file. The
       Solaris system joins the AD domain by using the	kclient(1M) utility. The AD name service only supports the naming databases for passwd and
       group.

       Windows	users  are not able to log in. The user_attr(4) database has no entries for Windows users, and the passwd(1) command does not sup-
       port the synchronization of user passwords with AD.

       The Solaris AD client uses auto-discovery techniques to find AD directory servers, such as domain controllers and global  catalog  servers.
       The  client  also  uses	the  LDAP  v3 protocol to access naming information from AD servers. The AD server schema requires no modification
       because the AD client works with native AD schema. The Solaris AD client uses the idmap(1M) service to map between Windows security identi-
       fiers (SIDs) and Solaris user identifiers (UIDs) and group identifiers (GIDs). User names and group names are taken from the sAMAccountName
       attribute of the AD user and group objects and then tagged with the domain where the objects reside. The domain name is separated from  the
       user name or group name by the @ character.

       The  client  uses  the  SASL/GSSAPI/KRB5  security  model. The kclient utility is used to join the client to AD. During the join operation,
       kclient configures Kerberos v5 on the client. See kclient(1M).

FILES

       /etc/nsswitch.conf      Configuration file for the name-service switch.

       /etc/nsswitch.ad        Sample configuration file for the name-service switch configured with ad, dns and files.

       /usr/lib/nss_ad.so.1    Name service switch module for AD.

SEE ALSO

       passwd(1), svcs(1), idmap(1M), idmapd(1M), kclient(1M), svcadm(1M), svccfg(1M), svccfg(1M), nsswitch.conf(4), user_attr(4), smf(5)

SunOS 5.11							    22 Oct 2008 							     ad(5)