Login or Register to Ask a Question and Join Our Community


Software Releases - RSS News

Likewise Open 5.0.3983 (Default branch)

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums News, Links, Events and Announcements Software Releases - RSS News Likewise Open 5.0.3983 (Default branch)
# 1  
Old 01-27-2009
Likewise Open 5.0.3983 (Default branch)
Likewise Open is an application that joins Linux, Unix, and Mac OS machines to Microsoft Active Directory and securely authenticates users with their domain credentials. Features include: joining non-Windows systems to Active Directory domains in a single step from the command line or from a GUI; authenticating users with a single user name and password; enforcing the same password policies for all platforms; supporting multiple forests with one-way and two-way cross forest trusts; caching credentials in case your domain controller goes down; and providing single sign-on for SSH and Putty. It does not require Active Directory schema changes for installation. License: GNU General Public License v2 Changes:
Now, when a bad username/password are given to domainjoin, it will report "password is incorrect for this account" instead of "call to krb5 failed." This release also fixes an FD leak from bad control rights message, handles user enumeration when a username has no "@", and fixes a buffer overflow in group enumeration. Local provider has been moved to be after AD provider. Image

Image

More...
Login or Register to Ask a Question

Previous Thread | Next Thread
Login or Register to Ask a Question

LEARN ABOUT OPENSOLARIS

ad

ad(5)							Standards, Environments, and Macros						     ad(5)

NAME

       ad - Active Directory as a naming repository

DESCRIPTION

       Solaris clients can obtain naming information from Active Directory (AD) servers.

       The  Solaris  system  must first join an AD domain and then add the ad keyword to the appropriate entries in the nsswitch.conf(4) file. The
       Solaris system joins the AD domain by using the	kclient(1M) utility. The AD name service only supports the naming databases for passwd and
       group.

       Windows	users  are not able to log in. The user_attr(4) database has no entries for Windows users, and the passwd(1) command does not sup-
       port the synchronization of user passwords with AD.

       The Solaris AD client uses auto-discovery techniques to find AD directory servers, such as domain controllers and global  catalog  servers.
       The  client  also  uses	the  LDAP  v3 protocol to access naming information from AD servers. The AD server schema requires no modification
       because the AD client works with native AD schema. The Solaris AD client uses the idmap(1M) service to map between Windows security identi-
       fiers (SIDs) and Solaris user identifiers (UIDs) and group identifiers (GIDs). User names and group names are taken from the sAMAccountName
       attribute of the AD user and group objects and then tagged with the domain where the objects reside. The domain name is separated from  the
       user name or group name by the @ character.

       The  client  uses  the  SASL/GSSAPI/KRB5  security  model. The kclient utility is used to join the client to AD. During the join operation,
       kclient configures Kerberos v5 on the client. See kclient(1M).

FILES

       /etc/nsswitch.conf      Configuration file for the name-service switch.

       /etc/nsswitch.ad        Sample configuration file for the name-service switch configured with ad, dns and files.

       /usr/lib/nss_ad.so.1    Name service switch module for AD.

SEE ALSO

       passwd(1), svcs(1), idmap(1M), idmapd(1M), kclient(1M), svcadm(1M), svccfg(1M), svccfg(1M), nsswitch.conf(4), user_attr(4), smf(5)

SunOS 5.11							    22 Oct 2008 							     ad(5)