[Samba] Anyone have Solaris 8/9, W2K AD, NIS working?

[Erwin Fritz]

Okay, I'm at wit's end, and am about ready to give up on Samba 3.x as a way to implement single sign-on.

I would like to know if there's anyone out there who has the following environment:

- Solaris 8 and 9, running NIS (not NIS+) for automount and passwd/group maps
- W2K-based Active Directory

I'm trying to get Solaris authentication to work using AD user accounts. According to The Official Samba 3 Howto and Reference Guide, this should be a simple thing. Well, it is, as long as you don't care that the UNIX userid to SID mapping isn't consistent across NIS clients, which really screws up file ownership.

Well, it just isn't working. I've tried the instructions in there, which are laughably inadequate. They don't cover NIS or the SID-userid mapping problem properly. I've searched this mailing list for answers, and haven't found much. I simply cannot get Samba to store the userid mapping in the AD Idmap OU.

I'm not going to detail the very large list of things I've been trying for months now, but they include installing Services for Unix on the AD servers, installing OpenLDAP and Kerberos, installing the idmap_ad plugin on my test Solaris box, configuring pam.conf and nsswitch.conf, setting up winbind, oh, the list goes on.

If anyone out there is running NIS on their Solaris boxes, and has single sign-on working properly using AD-based authentication, with consistent SID->userid mapping (i.e. a SID gets mapped to the same UNIX userid no matter which Solaris client is used), I'd very much like to talk to that person to find out how they got it working.

Anyone?