|Linux & Unix Commands - Search Man Pages
ad(5) Standards, Environments, and Macros ad(5)
ad - Active Directory as a naming repository
Solaris clients can obtain naming information from Active Directory (AD) servers.
The Solaris system must first join an AD domain and then add the ad keyword to the appro-
priate entries in the nsswitch.conf(4) file. The Solaris system joins the AD domain by
using the kclient(1M) utility. The AD name service only supports the naming databases for
passwd and group.
Windows users are not able to log in. The user_attr(4) database has no entries for Windows
users, and the passwd(1) command does not support the synchronization of user passwords
The Solaris AD client uses auto-discovery techniques to find AD directory servers, such as
domain controllers and global catalog servers. The client also uses the LDAP v3 protocol
to access naming information from AD servers. The AD server schema requires no modifica-
tion because the AD client works with native AD schema. The Solaris AD client uses the
idmap(1M) service to map between Windows security identifiers (SIDs) and Solaris user
identifiers (UIDs) and group identifiers (GIDs). User names and group names are taken from
the sAMAccountName attribute of the AD user and group objects and then tagged with the
domain where the objects reside. The domain name is separated from the user name or group
name by the @ character.
The client uses the SASL/GSSAPI/KRB5 security model. The kclient utility is used to join
the client to AD. During the join operation, kclient configures Kerberos v5 on the client.
/etc/nsswitch.conf Configuration file for the name-service switch.
/etc/nsswitch.ad Sample configuration file for the name-service switch configured
with ad, dns and files.
/usr/lib/nss_ad.so.1 Name service switch module for AD.
passwd(1), svcs(1), idmap(1M), idmapd(1M), kclient(1M), svcadm(1M), svccfg(1M), svc-
cfg(1M), nsswitch.conf(4), user_attr(4), smf(5)
SunOS 5.11 22 Oct 2008 ad(5)
All times are GMT -4. The time now is 08:21 PM.