Solaris AD Integration

  • Published : June 19, 2011
Using Kerberos to Authenticate a Solaris™ 10 OS LDAP Client With Microsoft Active Directory

Wajih Ahmed and Baban Kenkre
March 2008 (Updated May 2008)
Sun Microsystems, Inc.

Please note: This configuration uses a shell script called adjoin.sh to automate the process of joining the Solaris client to the Active Directory domain and to configure Kerberos on the client. This script is not supported by Sun and is not part of the Solaris distribution. (See the For More Information section for information about downloading the adjoin script.)

THE SOLUTION DESCRIBED IN THIS PAPER SHOULD BE TREATED AS PROOF OF CONCEPT AND SHOULD NOT BE USED IN PRODUCTION.

Copyright © 2008 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements. Use is subject to license terms. This distribution may include materials developed by third parties. Parts of the product may be derived from Berkeley BSD systems, licensed from the University of California. UNIX is a registered trademark in the U.S. and in other countries, exclusively licensed through X/Open Company, Ltd. X/Open is a registered trademark of X/Open Company, Ltd. Sun, Sun Microsystems, the Sun logo, Solaris, and OpenSolaris are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Microsoft product screen shot(s) reprinted with permission from Microsoft Corporation. This product is covered and controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S. embargo or to entities identified on U.S. export exclusion lists, including, but not limited to, the denied persons and specially designated nationals lists is strictly prohibited. DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.


Table of Contents

Introduction
Installing Identity Management for UNIX
Provisioning a UNIX User in Active Directory
Configuring DNS
Synchronizing the Clocks and Configuring Time Zones
Tuning Active Directory
Configuring Kerberos
Initializing the Solaris LDAP Client
Using the Naming Service Switch and Pluggable Authentication Modules (PAM)
Testing the Client
Testing Password...