A while back I worked with a client to implement Active Directory (AD) integration for a number of Solaris containers that made up their SAS platform. The main benefit of this was to allow all of the SAS users to use their Windows (Active Directory) credentials, the same ones they use to log into their workstation in the morning, to get access to the SAS servers on the Solaris platform. This removed any requirement to manage local user accounts, across multiple Solaris containers, as they could all be managed in Active Directory by the people who usually manage accounts. It was not a trivial exercise – it required communication with several different groups, some changes to the AD server, population of UNIX attributes for users and groups in AD and configuration of the Solaris containers, however it was well worth the effort and I would definitely recommend it.
These were the main technical resources I found useful with implementation and troubleshooting:
- The starting point was the Sun document Using Kerberos to Authenticate a Solaris™ 10 OS LDAP Client With Microsoft Active Directory at http://www.sun.com/bigadmin/features/articles/kerberos_s10.pdf.
- Scott Lowe’s blog, particularly the Solaris 10-AD Integration, Version 3 post at http://blog.scottlowe.org/2007/04/25/solaris-10-ad-integration-version-3/, provided additional information. That article, the other articles it links to, and the comments on those articles all proved useful, either in their own right or as sources for additional keywords/phrases for Google searches.
I hope you find them useful too.