Wednesday, October 03, 2012

Solaris 11 Authentication Login with Active Directory

Password authentication in Computer Science at Birkbeck was always very complicated for no reason. Over the years we had multiple passwords, which always confused our students: YP & Active Directory, then NIS & AD, then LDAP with password sync with AD. With Solaris 11 & Solaris 10 I was finally in a position to get this sorted out.

There are a lot of pages out there which help with this, but the best I found was http://www.seedsofgenius.net/solaris/solaris-authentication-login-with-active-directory (this link does not seem to work now, so here is a cached version: https://web.archive.org/web/20151101112540/www.seedsofgenius.net/solaris/solaris-authentication-login-with-active-directory), so please go ahead and follow it for more details. I have a cut-down version here for Solaris 11.

I will presume you have set up your Windows server (see "Install UNIX Schema into Active Directory" and "Create ProxyDN User Account" in the link above).

Updated: Testing Section (30th October 2012)
Updated: Setup DNS Section (7th July 2014)
Updated: Kerberos testing "kinit -V" (29th January 2016) 
Updated: Setup LDAP client "followReferrals=false" (29th January 2016)
Updated: Setup PAM (29th January 2016)
Updated: Tested on Solaris 11.3 (29th January 2016) 

Settings being used:
Windows 2008 R2 AD servers = dcsad01 (193.61.1.1) and dcsad02 (193.61.2.2)
Domain = dcs.bbk.ac.uk
Kerberos Realm = DCS.BBK.AC.UK