Thursday, July 13, 2017

Solaris 11.3 SMB Server Authentication with Windows AD

Reference: https://docs.oracle.com/cd/E23824_01/html/821-1449/configuringoperationmodetm.html

Enable the SMB Service:

# svcadm enable -r smb/server

Synchoronize Clock with Domain Controller

Make sure the clock difference between client and domain controller is less than 5 minutes
# ntpdate dc01.goweekend.ca

Enable SMB service

# svcadm enable -r smb/server

Join Windows Domain

smbadm will create all the objects required on domaincontroller
# smbadm join -u ouadmin  goweekend.ca

Map ID

# idmap add -d "winuser:*@*" "unixuser:*"

# idmap list

Change Name Server Switch Configuration


# svccfg -s svc:/system/name-service/switch
svc:/system/name-service/switch> setprop config/password = astring: "files nis ad"
svc:/system/name-service/switch> setprop config/group = astring: "files nis ad"
svc:/system/name-service/switch> select system/name-service/switch:default
svc:/system/name-service/switch:default> refresh
svc:/system/name-service/switch:default> quit

# svcadm refresh svc:/system/name-service/switch

Create SMB Shares on Solaris Server



# zfs create -o mountpoint=/myshare upool/myshare

# zfs share -o share.smb=on -o share.smb.abe=on -o share.smb.guestok=off upool/myshare%myshare_
# zfs set aclinherit=passthrough  upool/myshare

# chmod -R A+user:testuser:rwxpdDaARWcCos:fd-----:allow /myshare


Configurate SMB Autohome Shares


https://docs.oracle.com/cd/E36784_01/html/E36832/autohomeshares.html#scrolltoc

On Solaris Client
# cat /etc/smbautohome
+nsswitch       OU=Users,DC=ad,DC=goweekend,DC=ca

New user on Solaris Server

If you found your new user status is locked, look like below in /etc/shadow
usertest :*LK*:16245::::::
or
# passwd -s usertest
usertest  LK
You need run below command to activate new user:
# passwd -r files usertest
or, unlock existing user
# passwd -u usertest

No comments:

Post a Comment