[Samba] Anyone have Solaris 8/9, W2K AD, NIS working?

Paul Gienger pgienger at ae-solutions.com
Thu Jul 29 19:45:36 GMT 2004


It sounds like you need to pick a network directory service and go with 
it; I'd suggest LDAP over NIS any day.  I have had a Solaris (9 I think) 
box running happily over LDAP and AD2000, although it was just for test.

> I'm trying to get Solaris authentication to work using AD user 
> accounts. According to The Official Samba 3 Howto and Reference Guide, 
> this should be a simple thing. Well, it is, as long as you don't care 
> that the UNIX userid to SID mapping isn't consistent across NIS 
> clients, which really screws up file ownership.

You need a central structure to hold your SID mappings if you're 
traversing machines; AFAICT, the only network structure supported is LDAP.

> Well, it just isn't working. I've tried the instructions in there, 
> which are laughably inadequate. They don't cover NIS or the SID-userid 
> mapping problem properly. I've searched this mailing list for answers, 
> and haven't found much. I simply cannot get Samba to store the userid 
> mapping in the AD Idmap OU.

Perhaps some expansion on your issues here would help:
What kind of errors is Samba spitting back?
What configurations have you done?

> I'm not going to detail the very large list of things I've been trying 
> for months now, but they include installing Services for Unix on the 
> AD servers, installing OpenLDAP and Kerberos, installing the idmap_ad 
> plugin on my test Solaris box, configuring pam.conf and nsswitch.conf, 
> setting up winbind, oh, the list goes on.
>
> If anyone out there is running NIS on their Solaris boxes, and has 
> single sign-on working properly using AD-based authentication, with 
> consistent SID->userid mapping (i.e. a SID gets mapped to the same 
> UNIX userid no matter which Solaris client is used), I'd very much 
> like to talk to that person to find out how they got it working.

I'm curious, why the insistence on NIS?  Do you have other apps that 
require it?  Are you having problems getting autofs on Solaris to talk 
to LDAP?  If so, a guy can short circuit it by making files from the 
LDAP structure, that's what I do.  Are you an old school Sun guy from 
way back that can't let go of it?  Give in to the dark side of the 
DIT,... err... I mean use LDAP, it's better over here... or something, 
you get my drift hopefully.

-- 
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto: pgienger at ae-solutions.com
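
The inconsistency described in the quoted question (one account getting different UNIX userids on different clients) can be checked for directly. The following is an added example, not part of the original post: it compares passwd-format listings (for example `getent passwd` output) collected from each client and reports accounts whose UID differs between hosts, and UIDs that resolve to different accounts. The host names, account names and IDs in the sample are constructed.

```python
from collections import defaultdict

# Constructed sample: passwd-format listings captured on two clients.
# Host names, domain, accounts and IDs are made up for illustration.
SAMPLE = {
    "sol-a": "root:x:0:0:Super-User:/:/sbin/sh\n"
             "EXAMPLE\\alice:x:10000:10000::/home/EXAMPLE/alice:/bin/sh\n"
             "EXAMPLE\\bob:x:10001:10000::/home/EXAMPLE/bob:/bin/sh\n",
    "sol-b": "root:x:0:0:Super-User:/:/sbin/sh\n"
             "EXAMPLE\\bob:x:10000:10000::/home/EXAMPLE/bob:/bin/sh\n"
             "EXAMPLE\\alice:x:10001:10000::/home/EXAMPLE/alice:/bin/sh\n",
}

def parse_passwd(text):
    """Return {name: uid} from passwd-format text, skipping malformed lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue
        entries[fields[0]] = int(fields[2])
    return entries

def find_conflicts(per_host):
    """Return (name_conflicts, uid_conflicts) across all hosts.

    name_conflicts: {name: {host: uid}} where one account has several UIDs.
    uid_conflicts:  {uid: {host: name}} where one UID names several accounts,
    which is the case that makes file ownership appear to change per client.
    """
    by_name = defaultdict(dict)
    by_uid = defaultdict(dict)
    for host, text in per_host.items():
        for name, uid in parse_passwd(text).items():
            by_name[name][host] = uid
            by_uid[uid][host] = name
    name_conflicts = {n: h for n, h in by_name.items() if len(set(h.values())) > 1}
    uid_conflicts = {u: h for u, h in by_uid.items() if len(set(h.values())) > 1}
    return name_conflicts, uid_conflicts

if __name__ == "__main__":
    names, uids = find_conflicts(SAMPLE)
    for name, hosts in sorted(names.items()):
        print("account %s maps to different UIDs: %s" % (name, hosts))
    for uid, hosts in sorted(uids.items()):
        print("UID %d resolves to different accounts: %s" % (uid, hosts))
```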
