Login or Register to Ask a Question and Join Our Community


Solaris

Connecting Solaris 9 to Windows Active Directory

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris Connecting Solaris 9 to Windows Active Directory
# 1  
Old 03-28-2006
Connecting Solaris 9 to Windows Active Directory
Hi Everyone,

Is it possible to for Solaris 9 box to join a Windows 2000 Active Directory Domain using Samba 3.X. If so are there any How To's out there or does anyone have experience with this. I have successfully done it with RHEL 3.

Things that I configured in REDHAt to get it to work.

1. krb5.conf
2. nsswitch.conf
3. smb.conf

Thanks for your help

Jeremy
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. AIX

Samba 3.6 on AIX 7.1 - Windows 10 Access to AIX file shares using Active Directory authentication

I am running AIX 7.1 and currently we have samba 3.6.25 installed on the server. As it stands some AIX folders are shared that can be accessed by certain Windows users. The problem is that since Windows 10 the guest feature no longer works so users have to manually type in their Windows login/pwd... (14 Replies)
Discussion started by: linuxsnake
14 Replies

2. Solaris

Authenticating UNIX (Solaris 11) to Windows 2012R2 / Active Directory

Gentleman, i am trying to setup Authentication for my Solaris 11 Server through Active Directory (Server 2012 R2). At least some things are already working, for example a getent passwd mydomainuser and ldapsearch command comes back with a correct result. So not everything i did was wrong. ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies

3. Solaris

Join Solaris 11 server to Active Directory using smbadm?

We are having a hard time joining our organizations Active Directory using this guide. Keep getting hit with syntax and authentication errors. Has anyone here joined a Solaris 11 to an Active Directory using smbadm as detailed in this example? I understand that the example I cited is mainly... (0 Replies)
Discussion started by: LittleLebowski
0 Replies

4. Proxy Server

Solaris 11.1 login authenticate with windows active directory

Hi, is that possible to login to solaris 11.1 authenticate with windows active directory? the user id is created in the windows active directory. Environment: Solaris 11.1 Windows 2012 Active Directory (3 Replies)
Discussion started by: freshmeat
3 Replies

5. Solaris

Configure Solaris to accept Active Directory user logins

Is it possible to configure a Solaris server to authenticate users against an Active Directory server when logging in via ssh? I've seen some docs out there, I've followed their instructions, but it does not work. And I'm beginning to wonder if it is possible or even supported by Oracle. The... (2 Replies)
Discussion started by: BG_JrAdmin
2 Replies

6. Solaris

solaris samba configuration without wins service from authentication window server/Active directory

Hi All, We are using solaris samba server for our company project to provide access to code to our development team.Recently our ICT has disabled wins service on Active directory due which user are not able to connect to samba share and they are getting error "No logon server available" as samba... (2 Replies)
Discussion started by: sahil_shine
2 Replies

7. Solaris

Connect smbclient to an windows server 2003 with active directory

Hello everybody .. i want connect with smbclient to an windows server 2003 with active directory. Exist a version of samba that can do this? Thank you very much for your time. Good Luck :b: (3 Replies)
Discussion started by: enkei17
3 Replies

8. Linux

How to Unite Redhat 9 Linux with Windows 2003 Active Directory authentication

Dear All, How to configure a Redhat 9 client to windows 2003 server. I have windows 2003 server which act has domain controller in my office. I have been asked to use redhat 9 has client. how to configure so that redhat 9 can authenticate with windows 2003 server .I have username created in... (0 Replies)
Discussion started by: solaris8in
0 Replies
Login or Register to Ask a Question

LEARN ABOUT DEBIAN

krb5-sync

KRB5-SYNC(8)							     krb5-sync							      KRB5-SYNC(8)

NAME

       krb5-sync - Synchronize passwords and status with Active Directory

SYNOPSIS

       krb5-sync [-d | -e] [-p password] user

       krb5-sync -f file

DESCRIPTION

       krb5-sync provides a command-line interface to the same functions provided by the password and status synchronization plugin.  It can push
       a new password to Active Directory (actually, to any password store that supports the Kerberos set-password protocol) or activate or
       deactivate an account in Active Directory.

       To synchronize passwords, provide the -p option and specify the password.  Note that the password is given on the command line and must be
       quoted if it contains special characters, and the password will be exposed to any other users on the system where this command is run.
       This is useful primarily for testing and should not be used with production passwords.  Synchronization to Active Directory will be
       attempted based on the configuration in krb5.conf (see below).

       To enable or disable an account, provide the -e or -d option respectively.  These options can also be provided in conjunction with the -p
       option to take both actions at once.

       In either case, user should be the principal name for which these actions should be taken.  user may be either unqualified or in the local
       realm; either way, the Active Directory realm in which to make changes will be taken from the krb5.conf configuration.

       Alternately, krb5-sync also supports processing actions from a file.  To do this, use the -f flag and give the file on the command line.
       The format of the file should be as follows:

	   <account>
	   ad
	   password | enable | disable
	   <password>

       where the fourth line is present only if the <action> is "password".  <account> should be the unqualified name of the account.  The second
       line should be the string "ad" to push the change to Windows Active Directory.  The third line should be one of "password", "enable", or
       "disable", corresponding to the -p, -e, and -d options respectively.  The "enable" and "disable" actions are only supported for AD.

       The file format is not particularly forgiving.  In particular, all of the keywords are case-sensitive and there must not be any whitespace
       at the beginning or end of the lines (except in the password, and only if that whitespace is part of the password), just a single newline
       terminating each line.

       When the -f option is given, the file will be deleted if the action was successful but left alone if the action failed.

       The configuration block in krb5.conf should look something like this:

	   krb5-sync = {
	       ad_keytab       = /etc/krb5kdc/ad-keytab
	       ad_principal    = service/sync@WINDOWS.EXAMPLE.COM
	       ad_realm        = WINDOWS.EXAMPLE.COM
	       ad_admin_server = dc1.windows.example.com
	       ad_ldap_base    = ou=People
	   }

       If the configuration required for an action is not given, that action will not be performed but will apparently succeed from the
       perspective of the krb5-sync utility.  Therefore, if this utility reports success but no change is happening, double-check the
       configuration to ensure that all required options are present.

       The "ad_keytab" option specifies the location of a keytab for authenticating to the other realm, the "ad_principal" option specifies the
       principal to authenticate as (using the key in the keytab), and the "ad_realm" option specifies the foreign realm.  "ad_admin_server" is
       the host to contact via LDAP to push account status changes.  "ad_ldap_base" specifies the base tree inside Active Directory where account
       information is stored.  Omit the trailing "dc=" part; it will be added automatically from "ad_realm".

OPTIONS

       -d  Disable the specified user in Active Directory.  Requires that all of the ad_* options be set in krb5.conf.	This option may not be
	   specified at the same time as -e.

       -e  Enable the specified user in Active Directory.  Requires that all of the ad_* options be set in krb5.conf.  This option may not be
	   specified at the same time as -e.

       -f file
	   Rather than perform a particular action based on a username given on the command line, read a queue file and take action based on it.
	   The format of the queue file is described above.  If the action fails, the file will be left alone.	If the action succeeds, the file
	   will be deleted.

       -p password
	   Change the user's password to password in Active Directory.

EXAMPLES

       Disable the account "jdoe" in Active Directory (using the AD configuration found in krb5.conf):

	   krb5-sync -d jdoe

       Change the password of the account "testuser" in Active Directory to "changeme":

	   krb5-sync -p changeme testuser@EXAMPLE.COM

       The same, except also enable the account in Active Directory:

	   krb5-sync -e -p changeme testuser

       Note that the realm for the user given on the command line is optional and ignored.

       Given a file named jdoe-ad-1168560492 containing:

	   jdoe
	   ad
	   password
	   changeme

       the command:

	   krb5-sync -f jdoe-ad-1168560492

       will change jdoe's password to "changeme" in Active Directory and then delete the file.

SEE ALSO

       The current version of this program is available from its web page at http://www.eyrie.org/~eagle/software/krb5-sync/
       <http://www.eyrie.org/~eagle/software/krb5-sync/>.

AUTHOR

       Russ Allbery <rra@stanford.edu>

2.2								    2012-01-10							      KRB5-SYNC(8)