AD(7) Standards, Environments, and Macros AD(7)
NAME
ad - Active Directory as a naming repository
DESCRIPTION
Solaris clients can obtain naming information from Active Directory
(AD) servers.
The Solaris system must first join an AD domain and then add the
ad keyword to the appropriate entries in the
nsswitch.conf(5) file. The
Solaris system joins the AD domain by using the
kclient(8) utility.
The AD name service only supports the naming databases for
passwd and
group.
Windows users are not able to log in. The
user_attr(5) database has
no entries for Windows users, and the
passwd(1) command does not
support the synchronization of user passwords with AD.
The Solaris AD client uses auto-discovery techniques to find AD
directory servers, such as domain controllers and global catalog
servers. The client also uses the LDAP v3 protocol to access naming
information from AD servers. The AD server schema requires no
modification because the AD client works with native AD schema. The
Solaris AD client uses the
idmap(8) service to map between Windows
security identifiers (SIDs) and Solaris user identifiers (UIDs) and
group identifiers (GIDs). User names and group names are taken from
the
sAMAccountName attribute of the AD user and group objects and
then tagged with the domain where the objects reside. The domain name
is separated from the user name or group name by the
@ character.
The client uses the SASL/GSSAPI/KRB5 security model. The
kclient utility is used to join the client to AD. During the join operation,
kclient configures Kerberos v5 on the client. See
kclient(8).
FILES
/etc/nsswitch.conf Configuration file for the name-service
switch.
/etc/nsswitch.ad Sample configuration file for the name-
service switch configured with ad, dns and
files.
/usr/lib/nss_ad.so.1 Name service switch module for AD.
SEE ALSO
passwd(1),
svcs(1),
nsswitch.conf(5),
user_attr(5),
smf(7),
idmap(8),
idmapd(8),
kclient(8),
svcadm(8),
svccfg(8) May 23, 2021 AD(7)
