BigAdmin Feature Article: Using Kerberos to Authenticate a Solaris 10 OS LDAP Client With Microsoft Active Directory

Submit Content | Check BigAdmin Bucks

Using Kerberos to Authenticate a Solaris 10 OS LDAP Client With Microsoft Active Directory

Wajih Ahmed and Baban Kenkre, March 2008 (Updated May 2008)

Introduction

This document describes how to configure a Solaris OS client to use Microsoft Windows Server 2003 R2 Enterprise Edition (Active Directory) for authentication and naming services. The Solaris client uses per-user authentication (also called self-credentials) for naming service lookups instead of a proxy account. This new functionality is available starting with the Solaris 10 08/07 OS.

This configuration uses a shell script called adjoin.sh to automate the process of joining the Solaris client to the Active Directory domain and configures Kerberos on the client. This script is not supported by Sun and is not part of the Solaris distribution. (See the For More Information section for information about downloading the adjoin script.)

A new version of adjoin tool is available for the Solaris 10 5/08 release (see the For More Information section of the article). This version contains an updated ksetpw source and binary which has been modified to run on the Solaris 10 5/08 OS. See the README file for more details. Note that the ksetpw.c source file in this version can also be used on OpenSolaris systems.

THE SOLUTION DESCRIBED IN THIS PAPER SHOULD BE TREATED AS PROOF OF CONCEPT AND SHOULD NOT BE USED IN PRODUCTION.

For more details, see the list of contents below.

Download the document as PDF.

Introduction
Installing Identity Management for UNIX
Provisioning a UNIX User in Active Directory
Configuring DNS
Synchronizing the Clocks and Configuring Time Zones
Tuning Active Directory
Configuring Kerberos
Initializing the Solaris LDAP Client
Using the Naming Service Switch and Pluggable Authentication Modules (PAM)
Testing the Client
Testing Password Management
Troubleshooting
For More Information
Change Log

For More Information

Here are additional resources:

Training courses available at http://www.sun.com/training/:
- Using LDAP as a Naming Service (IN-351)
- Enterprise Security Using Kerberos and LDAP (SC-360)
- LDAP Design and Deployment (WI-3501)
Support:
Open source resources:
- Sparks project, which provides naming service enhancements
- CIFS client for Solaris
Discussions, such as the Solaris Forums
Related documents:
- Sun BluePrints book LDAP in the Solaris Operating Environment: Deploying Secure Directory Services
- Documentation at http://docs.sun.com
Related web sites and articles:
- Solaris Information Center on the BigAdmin web site
- Kerberos and LDAP Troubleshooting Tips on Microsoft web site
Events of interest to users of Sun products:
- Worldwide developer events
- Current events

Change Log: In May 2008, information was added for Solaris 5/08 release. Also, further details were provided regarding the adjoin script.

Comments (latest comments first)

Discuss and comment on this resource in the BigAdmin Wiki

Unless otherwise licensed, code in all technical manuals herein (including articles, FAQs, samples) is provided under this License.

	Popular Downloads
Untitled Document Berkeley DB Enterprise Manager Database EE and XE Developer VMs Enterprise Pack for Eclipse Java JDeveloper and ADF Oracle Linux and Oracle VM MySQL NetBeans IDE NoSQL Database Solaris SQL Developer VirtualBox WebLogic Server