Winchester: Schema mapping and ID mapping for AD Interoperability

Introduction

The goal of this project was to enable Solaris to operate in a native Active Directory (AD) environment by providing the following components:

• New name service switch module to perform direct mapping from AD native schema to Solaris equivalents for passwd, shadow and groups
• ID mapping facility to map Windows Security Identifiers (SIDs) to POSIX Identifiers (UIDs/GIDs) and vice-versa
• AD Domain join.

As of now, all the above components have been integrated and are available in OpenSolaris starting from version 2008.11. See Documentation below for links to the appropriate documentation.

Documentation

• For information about the nss_ad naming service module, which enables a Solaris system to access user and group information from Active Directory (AD) servers in an AD domain, see System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP).

• The native identity mapping service is described in the Solaris CIFS Administration Guide and in the idmap(1M) and idmapd(1M) man pages.

• Solaris machine can be joined to an Active Directory domain using the kclient(1M) script. Previously we provided an adjoin script for testing purpose. Note that the adjoin script is not supported and no longer maintained. 

• Troubleshooting information for CIFS-related topics, including the Solaris CIFS service, the Solaris CIFS client, and the identity mapping service.

• A getting started document, which includes HOWTOs and tips for installing and configuring the Solaris CIFS service.

• The what's new with Solaris CIFS document includes the list of features and feature changes that have been introduced in SXCE since Build 79.

• This troubleshooting, getting started, and what's new information is available for update by the community at http://www.genunix.org.

• This document shows the relationship between various name service and PAM enhancements projects.