Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Solaris 11.1 login authenticate with windows active directory
Special Forums IP Networking Proxy Server Solaris 11.1 login authenticate with windows active directory Post 302917313 by jlliagre on Tuesday 16th of September 2014 02:20:41 AM
Old 09-16-2014
The link is about setting up traditional ldap authentication against an active directory.

Starting from Solaris 11, there is an simpler way, the nss_ad (name service switch / active directory) module.

Setting Up Oracle Solaris Active Directory Clients (Tasks) - Oracle Solaris Administration: Naming and Directory Services
This User Gave Thanks to jlliagre For This Post:
Skrynesaver
 

6 More Discussions You Might Find Interesting

1. Linux

How to Unite Redhat 9 Linux with Windows 2003 Active Directory authentication

Dear All, How to configure a Redhat 9 client to windows 2003 server. I have windows 2003 server which act has domain controller in my office. I have been asked to use redhat 9 has client. how to configure so that redhat 9 can authenticate with windows 2003 server .I have username created in... (0 Replies)
Discussion started by: solaris8in
0 Replies

2. Solaris

Connecting Solaris 9 to Windows Active Directory

Hi Everyone, Is it possible to for Solaris 9 box to join a Windows 2000 Active Directory Domain using Samba 3.X. If so are there any How To's out there or does anyone have experience with this. I have successfully done it with RHEL 3. Things that I configured in REDHAt to get it to... (0 Replies)
Discussion started by: morphous
0 Replies

3. Solaris

Connect smbclient to an windows server 2003 with active directory

Hello everybody .. i want connect with smbclient to an windows server 2003 with active directory. Exist a version of samba that can do this? Thank you very much for your time. Good Luck :b: (3 Replies)
Discussion started by: enkei17
3 Replies

4. Shell Programming and Scripting

UNIX Script to query Active Directory: give cn (NT login name) and receive mail (Email address)

Hi folks I need to write UNIX script (with ldapsearch) to query Active Directory. Input is NT login name and output is Email address. Attached a screenshot of Sysinternals "AD Explorer". I need to do the same in CLI. http://i.imgur.com/4s6FB.png I am absolute LDAP/ldapsearch noob. (0 Replies)
Discussion started by: slashdotweenie
0 Replies

5. AIX

Authenticate AIX users from MS Active Directory

First, let me start off saying this is not spam. This is me trying to help out other AIX Admins with MS AD servers. If it is not applicable to you, someone else will find it useful. As long as the "KDC" service is running on your AD server, these steps should work. There should be no... (3 Replies)
Discussion started by: kah00na
3 Replies

6. Solaris

Authenticating UNIX (Solaris 11) to Windows 2012R2 / Active Directory

Gentleman, i am trying to setup Authentication for my Solaris 11 Server through Active Directory (Server 2012 R2). At least some things are already working, for example a getent passwd mydomainuser and ldapsearch command comes back with a correct result. So not everything i did was wrong. ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies

LEARN ABOUT ULTRIX

ldap

ldap(1) 							   User Commands							   ldap(1)

NAME

       ldap - LDAP as a naming repository

DESCRIPTION

       LDAP  refers  to  Lightweight Directory Access Protocol, which is an industry standard for accessing directory servers. By initializing the
       client using ldapclient(1M) and using the keyword ldap in the name service switch file, /etc/nsswitch.conf, Solaris clients can obtain nam-
       ing  information from an LDAP server.  Information such as usernames, hostnames, and passwords are stored on the LDAP server in a Directory
       Information Tree or DIT. The DIT consists of entries which in turn are composed of attributes. Each attribute has a type and  one  or  more
       values.

       Solaris	LDAP  clients  use  the  LDAP  v3 protocol to access naming information from LDAP servers. The LDAP server must support the object
       classes and attributes defined in RFC2307bis (draft), which maps the naming service model on to LDAP. As an alternate to using  the  schema
       defined	in  RFC2307bis	(draft), the system can be configured to use other schema sets and the schema mapping feature is configured to map
       between the two. Refer to the System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP) for more details.

       The ldapclient(1M) utility can make a Solaris machine an LDAP client by setting up the appropriate directories,	files,	and  configuration
       information. The LDAP client caches this configuration information in local cache files. This configuration information is accessed through
       the ldap_cachemgr(1M) daemon. This daemon also refreshes the information in the configuration files from the LDAP server, providing  better
       performance and security. The ldap_cachemgr must run at all times for the proper operation of the naming services.

       There  are two types of configuration information, the information  available through a profile, and the information configured per client.
       The profile contains all the information as to how the  client accesses the directory. The credential information for proxy user is config-
       ured on a per client basis and is not downloaded through the profile.

       The  profile  contains  server-specific parameters that are required by all clients to locate the servers for the desired LDAP domain. This
       information could be the  server's IP address and the search base Distinguished Name (DN), for instance. It is  configured  on  the  client
       from  the default profile during  client  initialization and is	periodically  updated by the ldap_cachemgr daemon when the expiration time
       has elapsed.

       Client profiles can be stored on the LDAP server and may be used by the ldapclient utility to initialize an LDAP client. Using  the  client
       profile is the easiest way to configure a  client  machine. See ldapclient(1M).

       Credential information includes client-specific parameters that are used  by  a client. This information could be the Bind DN (LDAP "login"
       name) of the client and the password. If these parameters are required, they are manually defined during the initialization  through  ldap-
       client(1M).

       The  naming information is stored in containers on the LDAP server. A container is a non-leaf entry in the DIT that contains naming service
       information. Containers are similar to maps in NIS and tables in NIS+. A default mapping between the NIS databases  and the containers	in
       LDAP  is  presented  below.  The location of these containers as well as their names  can be overridden through the use of serviceSearchDe-
       scriptors. For more information, see ldapclient(1M).

       +--------------------+--------------------+---------------------------+
       |Database	    |Object Class	 | Container		     |
       +--------------------+--------------------+---------------------------+
       |passwd		    |posixAccount	 | ou=people,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |		    |shadowAccount	 |			     |
       +--------------------+--------------------+---------------------------+
       |group		    |posixGroup 	 | ou=Group,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |services	    |ipService		 | ou=Services,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |protocols	    |ipProtocol 	 | ou=Protocols,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |rpc		    |oncRpc		 | ou=Rpc,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |hosts		    |ipHost		 | ou=Hosts,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |ipnodes 	    |ipHost		 | ou=Hosts,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |ethers		    |ieee802Device	 | ou=Ethers,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |bootparams	    |bootableDevice	 | ou=Ethers,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |networks	    |ipNetwork		 | ou=Networks,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |netmasks	    |ipNetwork		 | ou=Networks,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |netgroup	    |nisNetgroup	 | ou=Netgroup,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |aliases 	    |mailGroup		 | ou=Aliases,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |publickey	    |nisKeyObject	 |			     |
       +--------------------+--------------------+---------------------------+
       |generic 	    |nisObject		 | nisMapName=...,dc=...     |
       +--------------------+--------------------+---------------------------+
       |printers	    |printerService	 | ou=Printers,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |auth_attr	    |SolarisAuthAttr	 | ou=SolarisAuthAttr,dc=... |
       +--------------------+--------------------+---------------------------+
       |prof_attr	    |SolarisProfAttr	 | ou=SolarisProfAttr,dc=... |
       +--------------------+--------------------+---------------------------+
       |exec_attr	    |SolarisExecAttr	 | ou=SolarisProfAttr,dc=... |
       +--------------------+--------------------+---------------------------+
       |user_attr	    |SolarisUserAttr	 | ou=people,dc=...	     |
       +--------------------+--------------------+---------------------------+
       |audit_user	    |SolarisAuditUser	 | ou=people,dc=...	     |
       +--------------------+--------------------+---------------------------+

       The security model for clients is defined by a combination of the credential level to be used, the authentication method, and the PAM  mod-
       ules  to  be  used.  The  credential  level defines what credentials the client should use to authenticate to the directory server, and the
       authentication method defines the method of choice.  Both these can be set with multiple values. The Solaris LDAP  supports  the  following
       values for credential level :

		 anonymous

		 proxy

       The Solaris LDAP supports the following values for authentication method:

		 none

		 simple

		 sasl/CRAM-MD5

		 sasl/DIGEST-MD5

		 tls:simple

		 tls:sasl/CRAM-MD5

		 tls:sasl/DIGEST-MD5

       More  protection can be provided by means of  access control, allowing the server to grant access for certain containers or entries. Access
       control is specified by Access Control Lists (ACLs) that are defined and stored in the LDAP server. The Access Control Lists  on  the  LDAP
       server  are  called Access Control  Instructions (ACIs) by the the SunOne Directory Server. Each ACL or ACI specifies one or more directory
       objects, for example, the cn attribute in a specific container, one or more clients to whom you grant or  deny  access,	and  one  or  more
       access  rights  that  determine what the clients can do to or with the objects. Clients can be users or	applications. Access rights can be
       specified as read and write, for example. Refer to the System Administration Guide: Naming and Directory  Services  (DNS,  NIS,	and  LDAP)
       regarding the restrictions on ACLs and ACIs when using LDAP as a naming repository.

       A  sample  nsswitch.conf(4) file called nsswitch.ldap is provided in the /etc directory. This is copied to /etc/nsswitch.conf  by the ldap-
       client(1M) utility. This file uses LDAP as a repository for the different databases in the  nsswitch.conf file.

       The following is a list of the user commands related to LDAP:

       idsconfig(1M)	       Prepares a SunOne Directory Server to be ready to support Solaris LDAP clients.

       ldapaddent(1M)	       Creates LDAP entries from corresponding /etc files.

       ldapclient(1M)	       Initializes LDAP clients, or generates a configuration profile to be stored in the directory.

       ldaplist(1)	       Lists the contents of the LDAP naming space.

FILES

       /var/ldap/ldap_client_cred      Files that contain the LDAP configuration of the client. Do not manually modify these files. Their  content
       /var/ldap/ldap_client_file      is not  guaranteed to be human readable. Use ldapclient(1M) to update them.

       /etc/nsswitch.conf	       Configuration file for the name-service switch.

       /etc/nsswitch.ldap	       Sample configuration file for the name-service switch configured with LDAP and files.

       /etc/pam.conf		       PAM framework configuration file.

SEE ALSO

       ldaplist(1),   idsconfig(1M),  ldap_cachemgr(1M),  ldapaddent(1M),  ldapclient(1M),  nsswitch.conf(4),  pam.conf(4),  pam_authtok_check(5),
       pam_authtok_get(5),  pam_authtok_store(5),   pam_dhkeys(5),   pam_ldap(5),   pam_passwd_auth(5),   pam_unix_account(5),	 pam_unix_auth(5),
       pam_unix_session(5)

       System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)

NOTES

       The  pam_unix(5)  module  is  no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_auth-
       tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.10							    7 Jan 2004								   ldap(1)
All times are GMT -4. The time now is 12:02 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy