Network Security Focus-Sun
Re: Solaris 9 authentication and access control into Active Directory

Date: Wed, 15 Sep 2004 16:12:26 +1000

Okay, basically I don't believe that what you want to do can be done out of the box.
I've done a fair bit of work along these lines, except using Mac OS X to auth to AD.


The most reliable way to do it is to extend the schema in AD to add a few essential Unix fields, like UID. Alternatively, if you're actually on OS X (not Solaris) there's some third-party software that helps things greatly, but that's no help to this discussion.

The main problem with this (extending the schema) is that it scares the MCSEs - never mind that installing Exchange adds another 100+ objects to the schema, it all happens behind the scenes.

On this page: http://www.shukwit.com/index.php is a whole heap of stuff from a dude at Apple who's delving far deeper into AD/LDAP than I ever want to go, but he's come up with some scripts that are pure gold. There are even some DLLs that extend the manage Users thingy in Windows Server to add another pane to the window with the Unix/Mac specific fields so you can easily populate them, as well as scripts to add the necessary changes to the AD schema.

Now, I've used all this with Mac OS X, and it seems to work quite well in my test environment, but haven't tried to use Solaris to auth to it, although *in theory* it should all work =)

Cheers,
Kai
