[Samba] Solaris, Winbind and Active Directory Authentication

Gerald (Jerry) Carter jerry at samba.org
Fri May 20 18:38:20 GMT 2005

L. Mark Stone wrote:
> We have not worked with Solaris much, and our contract Solaris guy has 
> very little experience with Winbind.  So, we are like two blind people 
> touching opposite ends of the elephant and trying to come to a 
> solution.  (No comments please on which end I drew...)  :-)
> The question involves authentication in a native mode Windows 2000 
> Active Directory domain.
> Is there any reason Samba/Winbind running on Solaris could not be used 
> for authenticating users who want to access resources on the Solaris 
> box against the AD user/group accounts?  We have done this with a SuSE 
> box, but never with a Solaris box (yet!).
> Currently, the Solaris system (9 now, upgrading to 10 later this 
> year...) is manually populated with a set of *NIX user accounts that 
> mirror the accounts in AD.  This creates a lot of administrative 
> overhead (there are some 300+ user accounts, and employee turnover is 
> by nature fairly high), and will create even more help desk issues as 
> the AD environment is about to implement a GPO forcing frequent 
> password changes.
> Any major "gotchas" we should watch out for?

There is a bug in the current Samba code where we never change
the machine trust account password when configured for 'security
= ads'. If the AD administrators are disabling accounts based
on the last password change time, this will be an issue for you.
But then, we need to fix it anyways.

Other than that, you should be ok.

cheers, jerry
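
Added example (not part of the original message and not Samba code): a check that flags machine trust accounts whose `pwdLastSet` is older than a cutoff, which is the condition under which the cleanup described in the reply would disable a Winbind host that never rotates its password. The LDIF sample, the host names and the 90-day cutoff in the test are constructed assumptions; the page does not state the administrators' actual policy.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: LDIF-style export of AD accounts (not real data).
SAMPLE_LDIF = """\
dn: CN=SOLARIS01,CN=Computers,DC=example,DC=com
sAMAccountName: SOLARIS01$
pwdLastSet: 127437408000000000

dn: CN=SUSE01,CN=Computers,DC=example,DC=com
sAMAccountName: SUSE01$
pwdLastSet: 127593792000000000

dn: CN=jdoe,CN=Users,DC=example,DC=com
sAMAccountName: jdoe
pwdLastSet: 127437408000000000
"""

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_datetime(value):
    """pwdLastSet counts 100-nanosecond intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)

def parse_entries(ldif_text):
    """Split LDIF on blank lines into dicts (single-valued, unfolded lines only)."""
    entries = []
    for block in ldif_text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, val = line.partition(": ")
            if sep:
                entry[key] = val
        entries.append(entry)
    return entries

def stale_machine_accounts(ldif_text, now, max_age_days):
    """Return (account, age_in_days) for machine accounts past the cutoff."""
    stale = []
    for e in parse_entries(ldif_text):
        name = e.get("sAMAccountName", "")
        # Machine trust accounts end in '$'; user accounts are skipped.
        if not name.endswith("$") or "pwdLastSet" not in e:
            continue
        age = (now - filetime_to_datetime(int(e["pwdLastSet"]))).days
        if age > max_age_days:
            stale.append((name, age))
    return stale
```

Run against an export of the domain's computer accounts, a Samba member that never changes its trust password appears here with an age that grows from its join date.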
