What a frustrating afternoon. I spent today working on the Solaris LDAP/Kerberos configuration for authenticating against AD. The short story is that I can now successfully log in to my Solaris 10 zone using my Windows credentials, just like on the Linux box. The long story (with details) will be posted later because Alex and I are still trying to work through an issue with pam_ldap on Solaris. Basically, Windows implements a function called VLV in its LDAP config that causes Solaris to choke whenever you attempt to enumerate a large set of directory entries. The "fix" involves disabling it on the domain controllers, but that breaks other things in the Windows environment.
Oh, and my frustration today? Solved with five minutes of work after I had banged on it for three hours. My zone is a test zone, and as a test zone it never got a DNS entry created for it. Yep. Creating a hostname for it got everything working. What confused me is that I got everything to work for a single login about halfway through the day, but then promptly broke it and had no idea why it had worked.
Remember, DNS is an important part of a healthy diet. Who knew?
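Since the whole afternoon came down to a missing DNS entry, here is the check I would run on a host before touching its Kerberos or pam_ldap config again. This is an added example, not code from the original post: it verifies that the host's name is fully qualified, resolves forward, and that every address maps back (PTR) to that same name, which is what Kerberos host principals and AD-joined clients quietly depend on. The `zone1.example.com` name and `10.0.0.5` address in the module docstring and tests are constructed placeholders; the decision logic is split from the live lookups so it can be exercised offline.

```python
"""Sanity-check the forward and reverse DNS a Kerberos/LDAP client host relies on.

Added example, not from the original post. Run it with the real FQDN of the
zone; with no argument it checks whatever name the local resolver reports.
Names and addresses in the comments below are constructed placeholders.
"""
import socket
import sys


def forward_lookup(hostname):
    """Return the set of addresses hostname resolves to (empty set if none)."""
    try:
        infos = socket.getaddrinfo(hostname, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def reverse_lookup(addr):
    """Return the canonical name plus aliases the PTR for addr yields, normalised."""
    try:
        name, aliases, _ = socket.gethostbyaddr(addr)
    except (socket.herror, socket.gaierror, OSError):
        return set()
    return {n.lower().rstrip(".") for n in [name] + aliases}


def check_dns(hostname, forward, reverse_by_addr):
    """Pure decision logic, kept separate from the lookups so it is testable offline.

    hostname:        the name the host believes it has (what krb5/pam will use)
    forward:         set of addresses hostname resolves to
    reverse_by_addr: mapping address -> set of names its PTR record yields
    Returns (ok, list_of_problems).
    """
    problems = []
    host = hostname.lower().rstrip(".")
    if "." not in host:
        problems.append("hostname %r is not fully qualified; Kerberos host principals "
                        "are built from the FQDN" % host)
    if not forward:
        problems.append("no forward (A/AAAA) record for %s" % host)
    for addr in sorted(forward):
        names = reverse_by_addr.get(addr, set())
        if not names:
            problems.append("no PTR record for %s" % addr)
        elif host not in names:
            problems.append("PTR for %s gives %s, not %s"
                            % (addr, ", ".join(sorted(names)), host))
    return (not problems, problems)


def check_host(hostname):
    """Do the live lookups for hostname and hand the results to check_dns."""
    forward = forward_lookup(hostname)
    reverse = {addr: reverse_lookup(addr) for addr in forward}
    return check_dns(hostname, forward, reverse)


if __name__ == "__main__":
    # e.g. python dnscheck.py zone1.example.com
    name = sys.argv[1] if len(sys.argv) > 1 else socket.getfqdn()
    ok, problems = check_host(name)
    print("%s: %s" % (name, "DNS OK" if ok else "DNS problems"))
    for p in problems:
        print("  -", p)
```

A test zone that never got its record will fail on the forward lookup; a zone whose A record was added but whose PTR still points at the global zone's name fails the reverse comparison, which is the kind of half-working state that produces a single successful login and then nothing.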