Thanks Nico! I didn't know you were involved with this.
More below... Nicolas Williams wrote: > On Tue, Jun 17, 2008 at 01:43:46PM -0400, Kyle McDonald wrote: > >> The part I'm fuzzy on are the nameservies interoperation. I know the >> CIFS server required a bunch of work to deal with windows user and >> groups for file ownership and access control. What is new in Solaris >> though for shareing usernames and passwords (and other account >> information) between Windows and Solaris? >> >> For example, is it possible for a Solaris machine to participate in a >> Windows Active Driectory Domain as a client? >> > > Yes. > > Cool. >> as a Domain Controller? >> > > No. > > That's OK. But (liking Solaris as much as I do,) it seems a shame to leave Windows as the only system that can be the authoritative source for this stuff. :) >> Another question, is if/when Windows users login on Solaris, where/how >> is the UID/GID assigned? >> > > See the ID mapping portion of the CIFS guide. > > Thanks, I'll go look for that now. >> The reason I ask is that I'm really looking for >> a solution that will let me set both linux and Solaris to share >> usernames and passwords with Windows, while Linux and Solaris share >> files through NFS. >> > > The solution we use works for Solaris. We made no changes to Linux. > > You can still interop with Linux and use Windows identities provided > that you have a Unix name service with users and groups that are the > equivalents of Windows ones. SFU will do as a such a name services. > > Is SFU the only option right now? Is MS still developing/supporting SFU? I thought it was either dead or at least on life support only now? What are my choices if the people who run the AD and Windos infrastructure refuse to install SFU? >> So how does Solaris handle this (if it does?) If it does it in simliar >> way to WinBind, is it too much to hope that it uses the same algorithm >> for SID-->UID as WinBind? I mean I can deal with a 1 time chown, but to >> > > It's not the same algorithm, except for name-based mapping, where it's > close enough. > I'm not sure I get this statement, but maybe I'll get after I read all the other blogs and docs you pointed me to. Thanks! > >> do what I need on the Unix/NFS side I really need Solaris and Linux to >> agree on UIDs and GIDs. Is there someway that Solaris can export it's >> tranlation to linux through an AD<->NIS converter? >> > > No, but if you can use SFU (i.e., assign UIDs and GIDs in AD itself) > then you're fine. > > We're considering adding more ID mapping options too. > > What types of things are you considering? (If you can talk about them?) >> Where's the best place to read up more on this? >> > > Try the CIFS guide. There's also plenty of blogs linked to from the > storage blog: > > http://blogs.sun.com/storage/en_US/entry/what_we_re_reading_alan > http://blogs.sun.com/storage/en_US/entry/more_on_cifs > > Thanks! -Kyle > Nico > _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
