[Samba] Anyone have Solaris 8/9, W2K AD, NIS working?

Paul Gienger pgienger at ae-solutions.com
Fri Jul 30 14:43:27 GMT 2004



Erwin Fritz wrote:

> Paul Gienger wrote:
>
>> It sounds like you need to pick a network directory service and go 
>> with it, I'd suggest LDAP over NIS any day.  I have had a Solaris (9 
>> I think) box running happily over LDAP and AD2000, although it was 
>> just for test.
>
>
> Oh, I totally agree with you on choosing LDAP over NIS. The problem is 
> that if I go LDAP, I'd prefer a non-proprietary solution, and that 
> means OpenLDAP. There are known conflicts between Solaris's built-in 
> LDAP libraries and OpenLDAP (but those can, in theory, be gotten 
> around, although I've run into grief attempting to do so).

Solaris 9 works fine with OLDAP, maybe even AD if your structure looks 
right, and provided you add some non-standard things (DUAConfig) to your 
schema it will even stop complaining about most things, 8 not so much.  
8 was a PITA in general.

>> You need a central structure to hold your SID mappings if you're 
>> traversing machines, AFAICT, the only network structure supported is 
>> LDAP.
>
>
> In theory, AD is LDAP-compliant, although Microsoft's added a bunch of 
> tweaks. So I was hoping to use AD as the LDAP repository. That may not 
> work, though, and may be the cause of a lot of my problems.
>
> When you got it to work, did you use a separate LDAP repository for 
> SID mappings? Or did you manage to store them in AD?

We went oldap, but I believe I've seen someone using AD for that.  I'm 
no AD wizard, so I can't offer too much of a suggestion there. 

> I'd prefer to have only one LDAP server running, and the architecture 
> here already has AD. So I'd like to keep things simple and use AD as 
> that repository if I can. I'm willing to build an OpenLDAP server if I 
> have to, but that seems redundant to me.

As an FYI, you'll have to build the oldap server to compile samba 
against, but that doesn't mean you have to 'run' it.

> I am an old school Sun guy (but System V, not BSD!), but I agree that 
> NIS is obsolete, has a million security holes in it, and deserves to 
> be given a decent burial.

I'd settle for burning it at the stake.   Most of my hostility for NIS 
comes from NIS+ (or NIS- as I called it 'round these parts), but a NIS 
by a different name... still stinks like poo.

-- 
Paul Gienger                     Office: 701-281-1884
Applied Engineering Inc.         
Information Systems Consultant   Fax:    701-281-1322
URL: www.ae-solutions.com        mailto: pgienger at ae-solutions.com



