I'm beginning to tire of maintaining individual system files on my increasing number of Solaris servers (was 2, now 10 and growing strong). I'm looking at the Sun Java Directory Server as a non-NIS/NIS+ solution.
We run a predominantly Windows shop here, and so I'm also toying with one of two things:
- Using Kerberos auth directly from the Solaris clients to AD (with appropriate utilities on the domain controllers), or
- Using the Directory Server and using their identity sync product to sync to the Windows domain
At this point I'm leaning more toward #2 because I only need to muck with AD if I (or the user community) want to share credentials between servers.
Any insight or horror stories are appreciated.
You can work with a BigAdmin article: "Using Kerberos to Authenticate a Solaris 10 OS LDAP Client With Microsoft Active Directory"
There is a little disclaimer on the page but it's like ntfs-3g. If it works and is useful, go for it.
I might also suggest you take a look at LikeWise Open. http://www.likewise.com/products/likewise_open/index.php
I use it on roughly 18 Solaris 9 and 10 servers, and another 30-40 Linux servers. It works fantastically, with very few issues in my environment.
Take a look at Centrify's DirectControl product.
We use Vintela Authentication System to authenticate/authorize users on 2000+ Solaris/Linux hosts against AD. Hope this helps.