Using Active Directory as name service


Andrew Watkins-2-3

Hi guys,

I thought I would look into moving from running 2 naming services (LDAP
and AD) and transferring to AD.
I see I have two options:

1) Set up the "NIS unix service on Windows" and use ldapclient to point
to AD server.
     This looks a good solution which I see many people have tried, but
the only downfall is I would lose the automount maps, which I can see
how they can be imported into AD.


2) Use the Solaris 11 nss_ad Naming Service module.
     This may work, but I have had no luck yet, so just wonder if
anyone has got it working yet, since Oracle Support and the internet do
not have any information about it! I am using oracle.com doc site:
http://docs.oracle.com/cd/E23824_01/html/821-1455/adsetup-10.html#scrolltoc

     - Set up Windows 2008 Server
     - After the following command krb5.conf is created and a machine is
created in AD

     - #/usr/sbin/kclient -T ms_ad
     Starting client setup
     ---------------------------------------------------
     Setting up /etc/krb5/krb5.conf.
     Attempting to join 'SOLARIS' to the 'TEST1.INT' domain.
     Password for [hidden email]:
     Forest name found: test1.int
     Site name not found.  Local DCs/GCs will not be discovered.

     Computer account 'SOLARIS' already exists in the 'TEST1.INT' domain.
     Do you wish to recreate this computer account ? [y/n]: y

     Would you like to delete any sub-object found for this computer account ? [y/n]: y
     Looking to see if the machine account contains other objects...
     Creating the machine account in AD via LDAP.

     Warning: unable to set smb domain, server and password information.
     Warning: unable to create DNS records for client.
     This could mean that 'testaw1.test1.int' is not included as a 'nameserver' in the /etc/resolv.conf file or some other type of error.
     ---------------------------------------------------
     Setup COMPLETE.

     # cat /etc/resolv.conf
     domain    test1.int
     search    test1.int
     nameserver    193.61.29.188

     # tail /var/adm/messages
     Mar 20 17:19:00 solaris ksmb[3685]: [ID 390819 user.error] SMF initialization problem: entity not found
     Mar 20 17:19:00 solaris ksmb[3685]: [ID 537292 user.error] smb_setdomainprops: failed to set machine account password
     Mar 20 17:19:00 solaris kdyndns[3689]: [ID 380301 user.error] dyndns: secure update response code: operation refused: 5
     Mar 20 17:19:00 solaris kdyndns[3689]: [ID 904790 user.error] dyndns: both non-secure and secure updates failed on all configured name servers
     Mar 20 17:19:00 solaris kdyndns[3689]: [ID 380301 user.error] dyndns: secure update response code: operation refused: 5
     Mar 20 17:19:00 solaris kdyndns[3689]: [ID 904790 user.error] dyndns: both non-secure and secure updates failed on all configured name servers


As always thanks,

Andrew

--
Andrew Watkins * Birkbeck College
http://notallmicrosoft.blogspot.com/

_______________________________________________
opensolaris-discuss mailing list
[hidden email]