Andrew Watkins
2012-03-21 11:38:27 UTC
Hi guys,
I thought I would look into moving from running 2 naming services (LDAP
and AD) and transferring to AD.
I see I have two options:
1) Set up the "NIS unix service on Windows" and use ldapclient to point
to AD server.
This looks like a good solution which I see many people have tried, but
the only downfall is I would lose the automount maps, which I can see
how they can be imported into AD.
2) Use the Solaris 11 nss_ad Naming Service module.
This may work, but I have had no luck yet, so I just wonder if
anyone has got it working yet, since Oracle Support and the internet do
not have any information about it! I am using oracle.com doc site:
http://docs.oracle.com/cd/E23824_01/html/821-1455/adsetup-10.html#scrolltoc
- Set up Windows 2008 Server
- After the following command, krb5.conf is created and a machine is
created in AD
- #/usr/sbin/kclient -T ms_ad
Starting client setup
---------------------------------------------------
Setting up /etc/krb5/krb5.conf.
Attempting to join 'SOLARIS' to the 'TEST1.INT' domain.
Password for Administrator-DgGwY6IvIQLA+***@public.gmane.org:
Forest name found: test1.int
Site name not found. Local DCs/GCs will not be discovered.
Computer account 'SOLARIS' already exists in the 'TEST1.INT' domain.
Do you wish to recreate this computer account ? [y/n]: y
Would you like to delete any sub-object found for this computer
account ? [y/n]: y
Looking to see if the machine account contains other objects...
Creating the machine account in AD via LDAP.
Warning: unable to set smb domain, server and password information.
Warning: unable to create DNS records for client.
This could mean that 'testaw1.test1.int' is not included as a
'nameserver' in the /etc/resolv.conf file or some other type of error.
---------------------------------------------------
Setup COMPLETE.
# cat /etc/resolv.conf
domain test1.int
search test1.int
nameserver 193.61.29.188
# tail /var/adm/messages
Mar 20 17:19:00 solaris ksmb[3685]: [ID 390819 user.error] SMF initialization problem: entity not found
Mar 20 17:19:00 solaris ksmb[3685]: [ID 537292 user.error] smb_setdomainprops: failed to set machine account password
Mar 20 17:19:00 solaris kdyndns[3689]: [ID 380301 user.error] dyndns: secure update response code: operation refused: 5
Mar 20 17:19:00 solaris kdyndns[3689]: [ID 904790 user.error] dyndns: both non-secure and secure updates failed on all configured name servers
Mar 20 17:19:00 solaris kdyndns[3689]: [ID 380301 user.error] dyndns: secure update response code: operation refused: 5
Mar 20 17:19:00 solaris kdyndns[3689]: [ID 904790 user.error] dyndns: both non-secure and secure updates failed on all configured name servers
As always thanks,
Andrew
--
Andrew Watkins * Birkbeck College
http://notallmicrosoft.blogspot.com/