Can Solaris use Windows NT domain for user IDs

[chrisj01]

Hello,

We are implementing two SUN boxes soon running Solaris 8, we will probably upgrade to Solaris 9 if the application vendor agrees to support that OS.

Here's the problem, we have a Windows NT4 Domain structure. These two SUN boxes are the only UNIX type systems we have, every thing else is Windows. We don't want to have to recreate all the user IDs on Solaris and maintain two seperate user ID databases.

Is there a way to get Solaris to access and use the NT4 user IDs? We will have to assign different rights to users so Solaris needs to be able to see all the IDs.

Thanks in advace for any ideas or suggestions on this.

Chris

 

[blazin1]

yes there is a way. in fact that is exactly what i have set up.

you first have to have separate ip address' in order for the sun boxes to be seen by the nt system. you then have to name your sun boxes. if your running software off the sun systems, you will have to hard code the ip address in the sun servers. the users of the software on the sun systems can still have dynamically assigned ip address. the sun servers then have to have a listing...ie. admin...of the users and then you'll have to write a short script in c for each user that allows them to login and use the software. usually a few lines that include the directory of the software on the sun server.

 

[Annihilannic]

Solaris support LDAP, so if you can find an LDAP adapter for your Active Directory or NT Domain (maybe this facility is already included with Windows?) perhaps that would be the way to go.

We are considering doing something similar, although the thought makes me shudder! So please post your solution if you find one...

Annihilannic.

 

[ady2k]

You need to install samba to access your NT server.
And you can download samba software for solaris from

http://www.samba.org

Good Luck

 

[blazin1]

I use Reflections to access the server. It's a pretty simple setup. Reflections is installed on a pc. The software calls for the user to enter the name of the server your trying to access, then the hard coded ip address. The software on the server is then accessable. I'll write more in a moment. I'm attempting my first recovery of a sample file. I think I have it but lemme check. then I'll go through exactly what i've done to hook up my server through the nt network.

 

[blazin1]

Now then, I've been working on my recovery skills. Did that. Updated my fantasy baseball team and am ready to go. First thing first. The sun server i use sits behind the nt firewall. keep in mind i don't know very much about nt other than that i think it's a glorified pier to pier network setup. I assume your nt setup dynamically assigns ip address to users for e-mail and network access. Obviously depending on your class address etc, figure out an ip address, and hard code it into your nt system. Obviously take into consideration how many users will use your server. Say it's only 10 users, I'd still set up your ip address to cover more than you'll ever need. Better safe than sorry.
in your sun server, cd netmasks
add your new ip address here. put it on the same line as your 255 255 255 0 netmask address.

more in a second

 

[blazin1]

now, in the hosts file;
you have to have the local hosts address
127 0 0 1 is the default.
next line,
your new hard coded ip address full this time.
this is the internet hosts table. must have it.

206 16 4 9 or whatever

in netmasks it would be 206 16 0 0

you need to have a loopback table for machine to machine communication. that goes in the etc/networks file

line would be loopback 127
leave the arpnet line alone. old timers might get miffed if they can't play around on the old old web.
you'll have to be sure to setup the profiles. I have mine set up so that my users have the same permissions as each other. I set up some traps to keep the users from being able do certain things here.
I named my machine in the rhosts file
simply add a name there.

now i'll be back in a few minutes and get the details on the nt side of the hookup. be right back.

 

[KenCunningham]

Blazin1: "Now then"?

I don't suppose you have any connection with Sir Jimmy Saville OBE do you? BTW, this is probably only of relevance to UK readers!

Well.....it is Friday afternoon!

 

[Annihilannic]

blazin1,

I'm not sure you're answering the right question? I think Chris wants to know whether he can set up user authentication against a Windows NT domain (similar to NIS) using pam_smb, LDAP, or similar. I presume he is already connected to his Windows network.

Correct me if I'm wrong, Chris.

Annihilannic.

 

[blazin1]

Annhilannic:
I'm sure your right. Anyway, wish I could have been of more help.
Ken: Thanks, I love to get ripped on Friday's.

 

[KenCunningham]

'get ripped'? Sorry, that's beyond me - can you explain? No offence meant, just the result of a leaving party!

Anyway - have a good weekend

 

[blazin1]

O.K. You have a good weekend too. Half day Friday's during summer. So I get in as early as I can. You know, I do have a friend in NYC who may be able to help with the authentication issue and another friend in DC. I'll ask around and see what they come up with (LDAP).