Re: Adding Solaris 10 machine to Active Directory Authentication

From: Doug (none_at_none.com)
Date: 01/14/05


Date: Fri, 14 Jan 2005 14:23:20 -0800

For sharing files you likely want to look into Samba.
This allows the Unix systems to access and share out Windows-style
SMB/CIFS shares.
   http://www.samba.org/

There are also some products that can allow Windows to interact with
Unix-style NFS shares.

Some examples:
   Reflection NFS Client from http://www.wrq.com
   ViewNow InterDrive Client from http://www.netmanage.com
   NFS Maestro from http://www.hummingbird.com

Of course, if you want to do it seamlessly, you may want to look at
consolidating your authentication systems.

A slight clarification: if you were going to set up your Solaris
machines to authenticate and get authorization information from Active
Directory (join the domain), you would typically set it up so that:

Authentication: Do this using Kerberos.
Authorization: Do this using LDAP but protect the LDAP bind and data
using SSL/TLS or Kerberos/GSS_API.

So LDAP isn't necessarily insecure; it is just that many people don't
secure it.

Another source of information is the
   Microsoft Solution Guide for Windows Security and Directory Services for UNIX
   http://www.microsoft.com/technet/itsolutions/cits/interopmigration/unix/usecdirw/00wsdsu.mspx

Unfortunately, it doesn't cover SSL/TLS, so for a complete solution you
should try the Vintela product or contact:

   Certified Security Solutions
   http://www.css-security.com/

   PADL
   http://www.padl.com/

Doug

Paul wrote:

> Thanks - here is what I want to accomplish in the end.
>
> Logging into the Solaris Machine with your Windows Login
> Browse/Save/Delete folders and files from Windows to Solaris and vice versa.
>
> Is LDAP needed in this case?
> Or is the only way to go with something like Centrify?
> What about ADAM (Active Directory Application Mode) ?
>
> Thanks for your help
>
> Paul
>
> "Joe Richards [MVP]" <humorexpress@hotmail.com> wrote in message
> news:#5k5nYF#EHA.600@TK2MSFTNGP09.phx.gbl...
>
>>Well LDAP isn't used for authentication for machines joined to AD because LDAP
>>isn't an authentication protocol and is pretty insecure. Kerberos, which is
>>secure, is used. If you are looking at truly joining a domain you might want to
>>look at the offerings from Centrify or Vintela as they let a UNIX host truly
>>join an AD Domain.
>>
>> joe
>>
>>--
>>Joe Richards Microsoft MVP Windows Server Directory Services
>>www.joeware.net
>>
>>
>>Paul wrote:
>>
>>>Hello all,
>>>
>>>I am trying to join a Solaris 10 machine to a Windows 2003 domain using
>>>LDAP. Does anyone know where documentation exists on how to do this.
>>>
>>>Thanks
>>>Paul
>>>
>>>
>
>
>
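Doug's point above is that LDAP is fine as long as the bind and the data are protected. As an added example (not part of the thread), here is a POSIX shell check that reads a Solaris 10 `ldapclient list`-style dump and flags any authentication method that is not TLS- or GSSAPI-protected; the NS_LDAP_* lines are constructed samples and `dc1.example.com` is a placeholder.

```shell
# Audit a Solaris 10 "ldapclient list" dump (read on stdin) for LDAP binds
# not protected by SSL/TLS or Kerberos/GSSAPI.  Exit 0 when every
# NS_LDAP_AUTH method protects both the bind and the data, else exit 1.
audit_ldap_auth() {
    _rc=0
    while IFS= read -r _line; do
        case "$_line" in
            "NS_LDAP_AUTH= "*) ;;        # only the authenticationMethod line matters
            *) continue ;;
        esac
        # ldapclient may list several methods separated by ';'
        for _m in $(printf '%s' "${_line#NS_LDAP_AUTH= }" | tr ';' ' '); do
            case "$_m" in
                tls:simple|tls:sasl/DIGEST-MD5|sasl/GSSAPI)
                    echo "OK:   $_m protects the bind and the data" ;;
                sasl/DIGEST-MD5)
                    echo "WARN: $_m hides the password, but directory data travels in the clear"
                    _rc=1 ;;
                *)
                    echo "FAIL: $_m sends the bind and the directory data unprotected"
                    _rc=1 ;;
            esac
        done
    done
    return $_rc
}

# Constructed dumps in ldapclient-list format (not from the thread).  The
# first is a proxy bind with a plaintext password over an unprotected
# connection; the second is the same host using Kerberos/GSSAPI.
sample_insecure_dump() {
    cat <<'EOF'
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=example,dc=com
NS_LDAP_SERVERS= dc1.example.com
NS_LDAP_AUTH= simple
NS_LDAP_CREDENTIAL_LEVEL= proxy
EOF
}
sample_secure_dump() {
    cat <<'EOF'
NS_LDAP_SERVERS= dc1.example.com
NS_LDAP_AUTH= sasl/GSSAPI
NS_LDAP_CREDENTIAL_LEVEL= self
EOF
}

sample_insecure_dump | audit_ldap_auth || echo "-> fix: re-run ldapclient with authenticationMethod=sasl/GSSAPI (or a tls: method)"
sample_secure_dump   | audit_ldap_auth
```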


