12-13-2010
These steps use Kerberos for only setup password authentication. This is not an LDAP connection, therefore, none of the user attributes are pulled from it. This solution is good for those that only want password centralization. If you want to use LDAP authentication, then the UIDs and GIDs have to match across systems, you have to involve the Windows administrators to get the AD server configured for your users, and various other tasks have to be performed. This method allows you, as the AIX admin, to be able to have your users authenticate their password from the AD with minimal effort and gets you out of the "I can't remember my password" game. Also, since you are only installing software and adding a second authentication method, there is no down time and you an switch users back and forth between local and AD authentication with only one command.
These 2 Users Gave Thanks to kah00na For This Post:
6 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hello, I asked this question in the AIX subforum but never received an answer, probably because the AIX forum is not that heavily trafficked. Anyway, here it is..
I have never had any issues like this when compiling applications from source. When I try to compile samba-3.5.0pre2, configure runs... (9 Replies)
Discussion started by: raidzero
9 Replies
2. UNIX for Dummies Questions & Answers
Hello,
I've configured an user authentication against Active Directory (Windows Server 2008 R2) on AIX V6 with LDAP. It works fine.
And here's my problem:
How can I control ldap user permissions on the local AIX machine?
E.g. an AD user should be able to write all files of local sys... (1 Reply)
Discussion started by: xia777
1 Replies
3. Proxy Server
Hi,
is that possible to login to solaris 11.1 authenticate with windows active directory? the user id is created in the windows active directory.
Environment:
Solaris 11.1
Windows 2012 Active Directory (3 Replies)
Discussion started by: freshmeat
3 Replies
4. UNIX for Advanced & Expert Users
Hello folks, Please advise me what is the best way to authenticate Windows AD users against Linux machines.
Currently I am going to take a look of Vintela Authentication Services and please let me know if you have experience with VIntela.
Thanks in advance (1 Reply)
Discussion started by: Vit0_Corleone
1 Replies
5. AIX
Hi. Ive recently upgraded Samba on an AIX server to Samba 4. The aim is to allow a specific group of Windows AD users to access some AIX file shares (with no requirement to enter passwords) - using AD to authenticate.
Currently I have:
Samba 4 installed ( and 3 daemons running)
Installed... (1 Reply)
Discussion started by: linuxsnake
1 Replies
6. AIX
I am running AIX 7.1 and currently we have samba 3.6.25 installed on the server. As it stands some AIX folders are shared that can be accessed by certain Windows users.
The problem is that since Windows 10 the guest feature no longer works so users have to manually type in their Windows login/pwd... (14 Replies)
Discussion started by: linuxsnake
14 Replies
LEARN ABOUT OPENSOLARIS
ad
ad(5) Standards, Environments, and Macros ad(5)
NAME
ad - Active Directory as a naming repository
DESCRIPTION
Solaris clients can obtain naming information from Active Directory (AD) servers.
The Solaris system must first join an AD domain and then add the ad keyword to the appropriate entries in the nsswitch.conf(4) file. The
Solaris system joins the AD domain by using the kclient(1M) utility. The AD name service only supports the naming databases for passwd and
group.
Windows users are not able to log in. The user_attr(4) database has no entries for Windows users, and the passwd(1) command does not sup-
port the synchronization of user passwords with AD.
The Solaris AD client uses auto-discovery techniques to find AD directory servers, such as domain controllers and global catalog servers.
The client also uses the LDAP v3 protocol to access naming information from AD servers. The AD server schema requires no modification
because the AD client works with native AD schema. The Solaris AD client uses the idmap(1M) service to map between Windows security identi-
fiers (SIDs) and Solaris user identifiers (UIDs) and group identifiers (GIDs). User names and group names are taken from the sAMAccountName
attribute of the AD user and group objects and then tagged with the domain where the objects reside. The domain name is separated from the
user name or group name by the @ character.
The client uses the SASL/GSSAPI/KRB5 security model. The kclient utility is used to join the client to AD. During the join operation,
kclient configures Kerberos v5 on the client. See kclient(1M).
FILES
/etc/nsswitch.conf Configuration file for the name-service switch.
/etc/nsswitch.ad Sample configuration file for the name-service switch configured with ad, dns and files.
/usr/lib/nss_ad.so.1 Name service switch module for AD.
SEE ALSO
passwd(1), svcs(1), idmap(1M), idmapd(1M), kclient(1M), svcadm(1M), svccfg(1M), svccfg(1M), nsswitch.conf(4), user_attr(4), smf(5)
SunOS 5.11 22 Oct 2008 ad(5)