[Samba] Re: Anyone have Solaris 8/9, W2K AD, NIS working?

Michal Kurowski mkur at poczta.gazeta.pl
Fri Jul 30 19:04:47 GMT 2004


It is difficult to give a good answer to questions like this one.

I would suggest thinking on major objectives first and then plan your
deployment on tour own.

I learned Sun ONE DS offers many things oldap doesn't yet have.
It is specially so if you have more then few Solaris machines. You could
go with SEAM/Ldap config which means native Solaris client and I
think it is much more secure then what Padl offers. You could have full
unix SSO and Samba connectivity at the same time. Moreover you can
ditch Microsoft AD completely which would lessen the burden factor
significantly and would make it much more secure. The same allies to
NIS.

You can also choose Directory Server on it's own which works great
for samba but will not give SSO. But you wouldn't have to configure
GSS-API on Solaris. You would also want SSL client config instead of
SASL.

There's always some confusion when choosing authentication and
authorization processes in a mixed environment. I think choosing 
SEAM (which is MIT Kerberos 1.3.1) for the former and DS 5.2 for the
latter is the most mature solution for Solaris now. Solaris 9,
of course ;-)

HTH,

-- 
Michal Kurowski
perl -e '$_=q#: 13_2: 12/o{>: 8_4) (_4: 6/2^-2; 3;-2^\2: 5/7\_/\7: 12m m::#;
y#:#\n#;s#(\D)(\d+)#$1x$2#ge;print'



More information about the samba mailing list