1ad(5)                 Standards, Environments, and Macros                ad(5)
2
3
4

NAME

6       ad - Active Directory as a naming repository
7

DESCRIPTION

9       Solaris  clients  can  obtain  naming information from Active Directory
10       (AD) servers.
11
12
13       The Solaris system must first join an AD domain and  then  add  the  ad
14       keyword  to  the  appropriate entries in the nsswitch.conf(4) file. The
15       Solaris system joins the AD domain by using the   kclient(1M)  utility.
16       The  AD  name service only supports the naming databases for passwd and
17       group.
18
19
20       Windows users are not able to log in. The user_attr(4) database has  no
21       entries  for  Windows users, and the passwd(1) command does not support
22       the synchronization of user passwords with AD.
23
24
25       The Solaris AD client uses auto-discovery techniques to find AD  direc‐
26       tory  servers,  such  as domain controllers and global catalog servers.
27       The client also uses the LDAP v3 protocol to access naming  information
28       from  AD servers. The AD server schema requires no modification because
29       the AD client works with native AD schema. The Solaris AD  client  uses
30       the  idmap(1M)  service  to  map  between  Windows security identifiers
31       (SIDs) and  Solaris  user  identifiers  (UIDs)  and  group  identifiers
32       (GIDs).  User  names  and group names are taken from the sAMAccountName
33       attribute of the AD user and group objects and  then  tagged  with  the
34       domain  where the objects reside. The domain name is separated from the
35       user name or group name by the @ character.
36
37
38       The client uses the SASL/GSSAPI/KRB5 security model. The kclient  util‐
39       ity  is  used  to  join  the  client  to AD. During the join operation,
40       kclient configures Kerberos v5 on the client. See kclient(1M).
41

FILES

43       /etc/nsswitch.conf      Configuration file for the name-service switch.
44
45
46       /etc/nsswitch.ad        Sample configuration file for the  name-service
47                               switch configured with ad, dns and files.
48
49
50       /usr/lib/nss_ad.so.1    Name service switch module for AD.
51
52

SEE ALSO

54       passwd(1),  svcs(1),  idmap(1M),  idmapd(1M),  kclient(1M), svcadm(1M),
55       svccfg(1M), svccfg(1M), nsswitch.conf(4), user_attr(4), smf(5)
56
57
58
59SunOS 5.11                        22 Oct 2008                            ad(5)
Impressum