Ketan | 4 Mar 11:07 2011
Picon

Solaris integration with Active Directory

We are looking for implementing solaris single sign on with AD in our environment which as few hundred
Solaris hosts and couple of hundred solaris zones ..IS there any third party software for the same or we can
do it by just making the solaris servers as AD clients ? Any help is appreciated.
--

-- 
This message posted from opensolaris.org
Laotsao | 4 Mar 12:24 2011
Picon

Re: Solaris integration with Active Directory

Hi
If you google solaris with msft ad
It will points you to
1 bigadmin article that also has link to msft
2 3rd party link wise

Regards

Sent from my iPad
Laotsao

On Mar 4, 2011, at 5:07 AM, Ketan <vibhuneb@...> wrote:

> We are looking for implementing solaris single sign on with AD in our environment which as few hundred
Solaris hosts and couple of hundred solaris zones ..IS there any third party software for the same or we can
do it by just making the solaris servers as AD clients ? Any help is appreciated.
> -- 
> This message posted from opensolaris.org
> _______________________________________________
> sysadmin-discuss mailing list
> sysadmin-discuss@...
> http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
Picon

Re: Solaris integration with Active Directory

fyi
http://wikis.sun.com/display/SecureGlobalDesktop/HOWTO+Use+Active+Directory+as+a+Solaris+Authentication+Source
http://blog.scottlowe.org/2007/01/15/active-directory-integration-index/
http://blog.scottlowe.org/2007/04/25/solaris-10-ad-integration-version-3/
http://www.sun.com/bigadmin/features/articles/kerberos_s10.jsp

On 3/4/2011 5:07 AM, Ketan wrote:
> We are looking for implementing solaris single sign on with AD in our environment which as few hundred
Solaris hosts and couple of hundred solaris zones ..IS there any third party software for the same or we can
do it by just making the solaris servers as AD clients ? Any help is appreciated.
Attachment (laotsao.vcf): text/x-vcard, 466 bytes
_______________________________________________
sysadmin-discuss mailing list
sysadmin-discuss@...
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
Picon

Re: Solaris integration with Active Directory

http://hub.opensolaris.org/bin/view/Project+winchester/

On 3/4/2011 5:07 AM, Ketan wrote:
> We are looking for implementing solaris single sign on with AD in our environment which as few hundred
Solaris hosts and couple of hundred solaris zones ..IS there any third party software for the same or we can
do it by just making the solaris servers as AD clients ? Any help is appreciated.
Attachment (laotsao.vcf): text/x-vcard, 466 bytes
_______________________________________________
sysadmin-discuss mailing list
sysadmin-discuss@...
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
Nathan Scandella | 17 Mar 06:03 2011
Picon

Re: How to allow root to access SSH remotely on opensolaris 11?

This is ridiculous.  Did you even read the original poster's use case?  He's probably trying to copy a file
securely from one system to the other system.  The file is probably owned by root on both systems. SCP is a
completely reasonable way to do that.

How would you suggest he perform that operation otherwise?

Copy to an intermediate account, and have the file owned by a less secure account in the process?  That's less
secure, not more, than just allowing a root-to-root scp.

Create a "root like" account just for this purpose?  If you do that, then what's the point?  if you're going to
have that psuedo-root account, then you've just created the slightly-less secure situation you're
obviously under the impression that you can avoid entirely.  

Or copy the files to a thumb drive or CD and transfer them manually?  That's probably much less secure.  

This is exactly the kind of thing that drives me crazy about IT people.  They completely forget that the
entire purpose of computing systems is to get work done more efficiently ... not to provide a challenge for
them to create an fortress that's impenetrable.  

You're right .. you don't want to have situations where there are "nobody" accounts.  That's why you only
give root access to a very few people.  And those people have to be trustworthy ... there's no getting around that.

"Features" like this just make Solaris a less useful computing platform.  It's little surprise that it's
dying out.
--

-- 
This message posted from opensolaris.org
Ron Halstead | 23 Mar 21:38 2011
Picon

Re: How to allow root to access SSH remotely on opensolaris 11?

> "Features" like this just make Solaris a less useful computing platform. <

Its not features like this causing the problem, its the dimwits who insist on admins jumping through hoops,
to "secure" the system. I had a "Senior Sysad" forbid root access via ssh to a system but ok'd a phony user
with a UID of 0 instead.  And yes, I did question her IQ. 

This was for a bulk root password change script I wrote at the boss' request. All passwords were different.

--ron
--

-- 
This message posted from opensolaris.org
Jerry Kemp | 23 Mar 21:53 2011

Re: How to allow root to access SSH remotely on opensolaris 11?

and then there is the classic "Bob Beck" response for those who attempt
to limit SA root access :::

http://archives.neohapsis.com/archives/openbsd/2005-03/2878.html

On 03/23/11 15:38, Ron Halstead wrote:
>> "Features" like this just make Solaris a less useful computing platform. <
> 
> Its not features like this causing the problem, its the dimwits who insist on admins jumping through
hoops, to "secure" the system. I had a "Senior Sysad" forbid root access via ssh to a system but ok'd a phony
user with a UID of 0 instead.  And yes, I did question her IQ. 
> 
> This was for a bulk root password change script I wrote at the boss' request. All passwords were different.
> 
> --ron
Christine Tran | 29 Mar 01:57 2011
Picon

Disk controllers change during jumpstart

Hi,

OK, a little weird problem I've not seen before.  I am jumpstarting a
brand new T540, it usually has the controller profiles c1t0d0xx, 8
internal disks.  I boot net to HW RAID the c1t0 and c1t1, and then lay
down an OS, very typical, very boring.  Box gets raided, everything
looks normal, boot net - install, and it complains "Disk profile not
valid ..." Okay, in 1 minute it has gone from c1t0d0xx to c0t0d0xx ...
all 8 disks.  I can't understand the reason for this, I am not moving
any card or drivers around, at all.  What's happening?  I can change
my jumpstart profile, but I would like to understand what's happening.
Anyone had a similar experience?

CT

Gmane