Comments on: One Potential Issue in AD Integration Scenarios http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/ The weblog of an IT pro specializing in virtualization, storage, and servers Mon, 01 Dec 2008 20:36:50 +0000 http://wordpress.org/?v=2.6 By: Dave McLeod http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-36602 Dave McLeod Tue, 25 Mar 2008 20:28:15 +0000 http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-36602 Hi Scott, I tried using your Solaris AD integration with somany attempts sometimes I get locked out sometimes it worked and sometimes it didn't when it worked I was able to make winbindd daemon to start but when the Administrator account was the only account that could log-in other users couldn't. I have re-installed Solaris 10 many times (I guess I'm enjoying the luxury of VMs) Hi Scott,
I tried using your Solaris AD integration with somany attempts sometimes I get locked out sometimes it worked and sometimes it didn’t when it worked I was able to make winbindd daemon to start but when the Administrator account was the only account that could log-in other users couldn’t. I have re-installed Solaris 10 many times (I guess I’m enjoying the luxury of VMs)

]]> By: Brian http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-35841 Brian Sat, 01 Mar 2008 20:42:35 +0000 http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-35841 Thanks so much for taking the time to write the articles about AD integration. I am having a problem that sounds like what is described here regarding the one-potential-issue... but I am having trouble translating the _two ways of specifying this account in /etc/ldap.conf_ into the actual lines in that file. Could you share some typical examples of the line(s) in ldap.conf for the bind account (and/or whatever other info in ldap.conf may be affected by this). Thanks. Thanks so much for taking the time to write the articles about AD integration. I am having a problem that sounds like what is described here regarding the one-potential-issue… but I am having trouble translating the _two ways of specifying this account in /etc/ldap.conf_ into the actual lines in that file. Could you share some typical examples of the line(s) in ldap.conf for the bind account (and/or whatever other info in ldap.conf may be affected by this). Thanks.

]]> By: Zac439 http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-33865 Zac439 Thu, 25 Oct 2007 00:39:16 +0000 http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-33865 Hey there! Very nice article you have here. If anyone was having problems understanding more about Kerberos, there is a good article on it here: http://www.learn-networking.com/security-basics/how-kerberos-authentication-works.html Hey there! Very nice article you have here. If anyone was having problems understanding more about Kerberos, there is a good article on it here:
http://www.learn-networking.com/security-basics/how-kerberos-authentication-works.html

]]> By: slowe http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-33483 slowe Mon, 24 Sep 2007 20:34:54 +0000 http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-33483 Clif, Well, without NSS you're kind of stuck. Sorry--wish I could be more helpful! Clif,

Well, without NSS you’re kind of stuck. Sorry–wish I could be more helpful!

]]> By: Clif Smith http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-33481 Clif Smith Mon, 24 Sep 2007 20:26:19 +0000 http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-33481 As of AIX 5.2 a year or so ago, I don't believe NSS was supported. As well, I believe PAM was supported only through AIX's LAM. I've since migrated most of my 5.2 systems so hopefully this has all changed. Having said that, I tried a howto a couple of months back using 5.3 and still failed to get it going. :^( It simply shouldn't be an issue. At this point it should be little more than a "checkbox". (Said the tired admin) As of AIX 5.2 a year or so ago, I don’t believe NSS was supported. As well, I believe PAM was supported only through AIX’s LAM. I’ve since migrated most of my 5.2 systems so hopefully this has all changed. Having said that, I tried a howto a couple of months back using 5.3 and still failed to get it going. :^(

It simply shouldn’t be an issue. At this point it should be little more than a “checkbox”. (Said the tired admin)

]]> By: slowe http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-33429 slowe Fri, 21 Sep 2007 11:50:11 +0000 http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-33429 Clif, I wish I could help with AIX! Unfortunately, I know absolutely nothing about how AIX works...does it support PAM and NSS? OpenBSD does not, for example, which completely prevents any sort of broad AD integration. Clif,

I wish I could help with AIX! Unfortunately, I know absolutely nothing about how AIX works…does it support PAM and NSS? OpenBSD does not, for example, which completely prevents any sort of broad AD integration.

]]> By: Clif Smith http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-33425 Clif Smith Fri, 21 Sep 2007 00:13:23 +0000 http://blog.scottlowe.org/2007/09/17/one-potential-issue-in-ad-integration-scenarios/#comment-33425 Thanks for the continued info and updates to it! I must say I'm disappointed that we UNIX/Linux admins still have to jump through so many complicated hoops when (unfortunately) AD has been the defacto authenticator for a number of years now. While I've been successful with Linux and Solaris, my attempts at integrating AIX continue to cause me to fall on my head. Thanks for the continued info and updates to it! I must say I’m disappointed that we UNIX/Linux admins still have to jump through so many complicated hoops when (unfortunately) AD has been the defacto authenticator for a number of years now. While I’ve been successful with Linux and Solaris, my attempts at integrating AIX continue to cause me to fall on my head.

]]>