So, some Solaris updates

Some minor updates on the Solaris/AD front. Alex and I have opened tickets with both Microsoft and Sun regarding the problems we’re seeing with VLV support between Solaris and Active Directory. Based on conversations and emails with both companies, we don’t think it’s VLV that’s really broken. Along with VLV, it appears you have to/should […]

Solaris logins work!

What a frustrating afternoon. I spent today working on the Solaris LDAP/Kerberos configuration for authenticating against AD. The short story is that I can now successfully login to my Solaris 10 zone using my windows credentials. Just like on the linux box. The long story (with details) will be posted later because Alex and I […]

Whoops. Account lockouts baaaaaaad!

So I found one downside to using this AD/LDAP configuration. Ok, not really a downside, just a really big caveat. The account used for binding to the LDAP server can get locked out if it authenticates too many times with the wrong password. Discovered this yesterday when I inadvertently changed the password in my configuration […]

Woot! Unix group enumeration from AD groups.

Well, that was easy enough. Just needed to understand a bit more of the AD OU structure here. (Sanitized a bit for now). -bash-3.2$ touch foo bar baz quux -bash-3.2$ ls -l total 0 -rw-r–r– 1 hcoyote UNIXTEST-test 0 Jun 3 16:59 bar -rw-r–r– 1 hcoyote UNIXTEST-test 0 Jun 3 16:59 baz -rw-r–r– 1 hcoyote […]

Ha ha! SSL success for AD/LDAP.

Ha ha! Further success on the Linux -> Active Directory integration front. I got SSL working for the underlying ldap bind user. What’s this mean? Protection of the directory information over the wire as it travels from the domain controller to the client host where it will be used. So what’s the necessary setup bits?  […]

Authenticating to Austin AD from Linux

Woot!  With the help of barthag, I got one of our linux boxes configured to provide passwd file map backend via AD/LDAP and authentication via AD/Kerberos.  Most of the problems stem from permissions issues on the AD side and making sure things are open “enough” to let us through to query for information. On the […]