| Author |
Message |
Paul
Guest
|
Posted:
Wed Jan 12, 2005 5:21 am Post subject:
Adding Solaris 10 machine to Active Directory Authentication |
|
|
Hello all,
I am trying to join a Solaris 10 machine to a Windows 2003 domain using
LDAP. Does anyone know where documentation exists on how to do this?
Thanks
Paul |
|
Al Mulnick
Guest
|
Posted:
Wed Jan 12, 2005 6:25 am Post subject:
Re: Adding Solaris 10 machine to Active Directory Authentica |
|
|
Can you be more specific? What exactly do you want to accomplish in the
end? Just to use LDAP auth?
You don't want any of the Kerberos integration?
This link might be useful, but if you can provide some more requirements it
might help to narrow it down some more.
http://www.microsoft.com/technet/itsolutions/cits/interopmigration/unix/usecdirw/03wsdsu.mspx
As a side note, there are third party tools that will make the Solaris OS
integrate better into your AD environment. If this is more than one host,
you may want to look at products such as the one here
http://www.centrify.com
Al
"Paul" <kristypaul20012@hotmail.com> wrote in message
news:jcZEd.83170$dv1.11749@edtnps89...
| Quote: | Hello all,
I am trying to join a Solaris 10 machine to a Windows 2003 domain using
LDAP. Does anyone know where documentation exists on how to do this.
Thanks
Paul
|
|
|
Joe Richards [MVP]
Guest
|
Posted:
Wed Jan 12, 2005 9:23 am Post subject:
Re: Adding Solaris 10 machine to Active Directory Authentica |
|
|
Well LDAP isn't used for authentication for machines joined to AD because LDAP
isn't an authentication protocol and is pretty insecure. Kerberos, which is
secure, is used. If you are looking at truly joining a domain you might want to
look at the offerings from Centrify or Vintela as they let a UNIX host truly
join an AD Domain.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Paul wrote:
| Quote: | Hello all,
I am trying to join a Solaris 10 machine to a Windows 2003 domain using
LDAP. Does anyone know where documentation exists on how to do this.
Thanks
Paul
|
|
|
Paul
Guest
|
Posted:
Thu Jan 13, 2005 12:27 am Post subject:
Re: Adding Solaris 10 machine to Active Directory Authentica |
|
|
In the end we would like to be able to save/delete/browse files from any
Windows machine onto the Solaris machine and vice versa, and also be able
to use your Windows login to access the Solaris machine. Yes, Kerberos would
be preferred.
"Al Mulnick" <amulnick_No_SPAM@ncDOTrr.com> wrote in message
news:e15w#0D#EHA.3616@TK2MSFTNGP11.phx.gbl...
| Quote: |
As a side note, there are third party tools that will make the Solaris OS
integrate better into your AD environment. If this is more than one host,
you may want to look at products such as the one here
http://www.centrify.com
Al
"Paul" <kristypaul20012@hotmail.com> wrote in message
news:jcZEd.83170$dv1.11749@edtnps89...
Hello all,
I am trying to join a Solaris 10 machine to a Windows 2003 domain using
LDAP. Does anyone know where documentation exists on how to do this.
Thanks
Paul
|
|
|
Paul
Guest
|
Posted:
Thu Jan 13, 2005 12:30 am Post subject:
Re: Adding Solaris 10 machine to Active Directory Authentica |
|
|
Thanks - here is what I want to accomplish in the end.
Logging into the Solaris Machine with your Windows Login
Browse/Save/Delete folders and files from Windows to Solaris and vice versa.
Is LDAP needed in this case?
Or is the only way to go with something like Centrify?
What about ADAM (Active Directory Application Mode) ?
Thanks for your help
Paul
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:#5k5nYF#EHA.600@TK2MSFTNGP09.phx.gbl...
| Quote: | Well LDAP isn't used for authentication for machines joined to AD because LDAP
isn't an authentication protocol and is pretty insecure. Kerberos, which is
secure, is used. If you are looking at truly joining a domain you might want to
look at the offerings from Centrify or Vintela as they let a UNIX host truly
join an AD Domain.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Paul wrote:
Hello all,
I am trying to join a Solaris 10 machine to a Windows 2003 domain using
LDAP. Does anyone know where documentation exists on how to do this.
Thanks
Paul
|
|
|
Joe Richards [MVP]
Guest
|
Posted:
Thu Jan 13, 2005 6:34 am Post subject:
Re: Adding Solaris 10 machine to Active Directory Authentica |
|
|
AD/AM isn't going to do anything for you.
The products by Centrify and Vintela allow you to have a UNIX or LINUX machine
operate like a Windows machine. It hides all of the difficulties for you.
While it is possible to configure this stuff manually, the results either tend
to be complicated or insecure. I know one major company that spent the better
part of 2 years trying to implement Kerberos on HP-UX and Solaris boxes using
Windows Servers as KDCs. It was more of an issue with the UNIX versions than
with Windows for the most part.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Paul wrote:
| Quote: | Thanks - here is what I want to accomplish in the end.
Logging into the Solaris Machine with your Windows Login
Browse/Save/Delete folders and files from Windows to Solaris and vice versa.
Is LDAP needed in this case ?
Or is the only way to go , with something like Centrify ?
What about ADAM (Active Directory Application Mode) ?
Thanks for your help
Paul
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:#5k5nYF#EHA.600@TK2MSFTNGP09.phx.gbl...
Well LDAP isn't used for authentication for machines joined to AD because LDAP
isn't an authentication protocol and is pretty insecure. Kerberos, which is
secure, is used. If you are looking at truly joining a domain you might want to
look at the offerings from Centrify or Vintela as they let a UNIX host truly
join an AD Domain.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Paul wrote:
Hello all,
I am trying to join a Solaris 10 machine to a Windows 2003 domain using
LDAP. Does anyone know where documentation exists on how to do this.
Thanks
Paul
|
|
|
Paul
Guest
|
Posted:
Thu Jan 13, 2005 10:18 pm Post subject:
Re: Adding Solaris 10 machine to Active Directory Authentica |
|
|
Thanks Joe - very much
Paul
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:O554jeQ#EHA.3820@TK2MSFTNGP11.phx.gbl...
| Quote: | AD/AM isn't going to do anything for you.
The products by Centrify and Vintela allow you to have a UNIX or LINUX machine
operate like a Windows machine. It hides all of the difficulties for you.
While it is possible to configure this stuff manually, the results either tend
to be complicated or insecure. I know one major company that spent the better
part of 2 years trying to implement kerberos on HP-UX and Solaris boxes using
Windows Servers as KDCs. It was more of an issue with the UNIX versions than
with Windows for the most part.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Paul wrote:
Thanks - here is what I want to accomplish in the end.
Logging into the Solaris Machine with your Windows Login
Browse/Save/Delete folders and files from Windows to Solaris and vice versa.
Is LDAP needed in this case ?
Or is the only way to go , with something like Centrify ?
What about ADAM (Active Directory Application Mode) ?
Thanks for your help
Paul
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:#5k5nYF#EHA.600@TK2MSFTNGP09.phx.gbl...
Well LDAP isn't used for authentication for machines joined to AD because LDAP
isn't an authentication protocol and is pretty insecure. Kerberos, which is
secure, is used. If you are looking at truly joining a domain you might want to
look at the offerings from Centrify or Vintela as they let a UNIX host truly
join an AD Domain.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Paul wrote:
Hello all,
I am trying to join a Solaris 10 machine to a Windows 2003 domain using
LDAP. Does anyone know where documentation exists on how to do this.
Thanks
Paul
|
|
|
Doug
Guest
|
Posted:
Sat Jan 15, 2005 4:23 am Post subject:
Re: Adding Solaris 10 machine to Active Directory Authentica |
|
|
For sharing files you likely want to look into Samba.
This allows the Unix systems to access and share out windows style
SMB/CIFS shares.
http://www.samba.org/
There are also some products that can allow windows to interact with
Unix style NFS shares.
Some examples:
Reflection NFS Client from http://www.wrq.com
ViewNow InterDrive Client from http://www.netmanage.com
NFS Maestro from http://www.hummingbird.com
Of course if you want to do it seamlessly you may want to look at
consolidating your authentication systems.
A slight clarification: if you were going to set up your Solaris
machines to authenticate and get authorization information from Active
Directory (join the domain), you would typically set it up so that:
Authentication: Do this using Kerberos.
Authorization: Do this using LDAP but protect the LDAP bind and data
using SSL/TLS or Kerberos/GSS_API.
So LDAP isn't necessarily insecure; it is just that many people don't
secure it.
Another source of information is the
Microsoft Solution Guide for Windows Security and Directory Services
for UNIX
http://www.microsoft.com/technet/itsolutions/cits/interopmigration/unix/usecdirw/00wsdsu.mspx
Unfortunately it doesn't cover SSL/TLS so for a complete solution you
should try the Vintela product or contact:
Certified Security Solutions
http://www.css-security.com/
PADL
http://www.padl.com/
Doug
Paul wrote:
| Quote: | Thanks - here is what I want to accomplish in the end.
Logging into the Solaris Machine with your Windows Login
Browse/Save/Delete folders and files from Windows to Solaris and vice versa.
Is LDAP needed in this case ?
Or is the only way to go , with something like Centrify ?
What about ADAM (Active Directory Application Mode) ?
Thanks for your help
Paul
"Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
news:#5k5nYF#EHA.600@TK2MSFTNGP09.phx.gbl...
Well LDAP isn't used for authentication for machines joined to AD because LDAP
isn't an authentication protocol and is pretty insecure. Kerberos, which is
secure, is used. If you are looking at truly joining a domain you might want to
look at the offerings from Centrify or Vintela as they let a UNIX host truly
join an AD Domain.
joe
--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Paul wrote:
Hello all,
I am trying to join a Solaris 10 machine to a Windows 2003 domain using
LDAP. Does anyone know where documentation exists on how to do this.
Thanks
Paul
|
|
|
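The split Doug describes above (Kerberos for authentication, LDAP for authorization with the bind protected by SSL/TLS or Kerberos/GSS-API) can be checked on a host's configuration. The following is an added example, not part of any post in this thread: it audits a constructed Solaris-style `ldap_client_file` and `pam.conf`, and the host names, base DN and file contents are assumptions made up for illustration.

```python
# Added example: constructed Solaris-style config, not taken from the thread.
LDAP_CLIENT_FILE = """\
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_SERVERS= dc1.example.test
NS_LDAP_SEARCH_BASEDN= dc=example,dc=test
NS_LDAP_AUTH= tls:simple;simple
NS_LDAP_CREDENTIAL_LEVEL= proxy
"""
PAM_CONF = """\
# service  type  control     module
login      auth  requisite   pam_authtok_get.so.1
login      auth  sufficient  pam_krb5.so.1
login      auth  required    pam_unix_auth.so.1
other      auth  required    pam_ldap.so.1
other      account required  pam_unix_account.so.1
"""

def ldap_auth_findings(client_file):
    """Return the NS_LDAP_AUTH methods that use neither TLS nor GSS-API."""
    for line in client_file.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "NS_LDAP_AUTH":
            methods = [m.strip() for m in value.split(";") if m.strip()]
            return [m for m in methods
                    if not (m.lower().startswith("tls:") or m.lower() == "sasl/gssapi")]
    return ["<NS_LDAP_AUTH not set>"]

def pam_auth_modules(pam_conf):
    """Map each service to the modules in its 'auth' stack, in order."""
    stacks = {}
    for line in pam_conf.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) >= 4 and fields[1] == "auth":
            stacks.setdefault(fields[0], []).append(fields[3].rsplit("/", 1)[-1])
    return stacks

def audit(client_file, pam_conf):
    findings = [f"LDAP method '{m}' is not protected by TLS or GSS-API"
                for m in ldap_auth_findings(client_file)]
    for service, modules in sorted(pam_auth_modules(pam_conf).items()):
        if any(m.startswith("pam_ldap") for m in modules):
            findings.append(f"{service}: authenticates through pam_ldap")
        if not any(m.startswith("pam_krb5") for m in modules):
            findings.append(f"{service}: no pam_krb5 in auth stack")
    return findings

if __name__ == "__main__":
    for finding in audit(LDAP_CLIENT_FILE, PAM_CONF):
        print(finding)
```

On the constructed input, the fallback `simple` method and the `other` service's `pam_ldap` auth stack are reported, while the `login` stack with `pam_krb5` passes.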