Tuesday 16 April 2013

Login Security Part 2 - Setting up a Solaris11 to authenticate to AD using SAMBA

Setting up a Solaris 11 host to authenticate to AD using SAMBA:
  1. Add the required settings to /etc/system and reboot (this is a one-off step, done in the global zone only; the settings themselves are not listed in this post)
  2. vi /etc/samba/smb.conf*
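  3. mv /etc/pam.conf /etc/pam.conf.bak
  4. mv /etc/pam.conf-winbind /etc/pam.conf (keep an existing root session open until a fresh login has been tested, so that /etc/pam.conf.bak can be restored if the new PAM configuration locks you out)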
  5. svccfg -s name-service/switch
    > setprop config/password = "files winbind"
    > setprop config/group = "files winbind"
    > exit
  6. svcadm refresh name-service/switch
  7. net join -U ADUserThatCanAddToDomain -S ADDomainControllerName
  8. svcadm enable samba winbind
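  9. getent passwd (domain users should now be listed alongside the local accounts, which confirms that winbind lookups work)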


*Truncated smb.conf:

# Global section of a domain-member smb.conf (truncated listing; <...> values are placeholders).
# smb.conf has no inline comments, so every note below sits on its own line.
[global]
        workgroup = <HELLO>
        # realm is used with "security = ADS" (Kerberos); it is left disabled here.
        #realm = <HELLO.COM>
        encrypt passwords = yes
        netbios aliases = <hostname>
        server string = <hostname>
        # NT4-style (RPC) domain membership: logons are validated by the domain controller
        # without Kerberos. NOTE(review): for an Active Directory domain, "security = ADS"
        # with realm set is the Kerberos-based alternative - confirm which one is intended.
        security = DOMAIN
        # Relay authentication requests through winbindd.
        # NOTE(review): this replaces Samba's default method list - confirm that no other
        # authentication source is expected to be consulted.
        auth methods = winbind
        # Pins authentication to a single domain controller address; no fallback is listed.
        password server = <ADDomainControllerIP>
        # NOTE(review): relates to password changes made through Samba's own password
        # database; whether it has any effect on a domain member is not clear from this
        # listing - confirm it is needed.
        unix password sync = Yes
        # Debug level 2 in general, level 3 for the vfs debug class.
        log level = 2 vfs:3
        # Threshold for which debug messages are also sent to syslog.
        syslog = 2
        # One log file per session user name (%U) and client machine name (%M).
        # NOTE(review): %U is the name the client asked for, so the set of file names is
        # driven by whoever connects - make sure /var/log/samba is rotated and cleaned up.
        log file = /var/log/samba/smb-%U-%M.log
        max xmit = 65535
        # Resolve names through the system resolver first, then by broadcast.
        name resolve order = host bcast
        # Idle connections with no open files are dropped after 15 minutes.
        deadtime = 15
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        # Printing support is switched off.
        load printers = No
        disable spoolss = Yes
        show add printer wizard = No
        # Never take part in browse-master elections.
        preferred master = No
        local master = No
        domain master = No
        dns proxy = No
        # Turns TLS off for Samba's LDAP connections.
        # NOTE(review): no LDAP backend is visible in this truncated listing; if one is in
        # use, "start tls" is the encrypted setting - confirm before copying this line.
        ldap ssl = no
        # Left empty: no specific listen address is set.
        socket address =
        # Range of local UIDs/GIDs that winbind hands out to domain users and groups.
        # NOTE(review): must not overlap IDs already used by local accounts; later Samba
        # releases replace these two parameters with "idmap config * : range" - check the
        # installed version.
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        # Allow domain users and groups to be enumerated (what "getent passwd" lists).
        # Enumeration can be slow on large domains.
        winbind enum users = Yes
        winbind enum groups = Yes
        # Domain accounts are referred to without the DOMAIN\ prefix.
        # NOTE(review): with the "files winbind" lookup order set in the post, a local
        # account of the same name is presumably found first - check for name collisions
        # between local and domain accounts.
        winbind use default domain = yes
        # Hide special files and files the connected user cannot read from directory listings.
        hide special files = Yes
        hide unreadable = Yes
        # Names in this /-separated list are neither visible nor accessible to clients.
        veto files = /lost+found/samba_recycle_bin/
