System Administration Guide: Security Services

ProcedureHow to Configure a Kerberos Client for an Active Directory Server

This procedure uses the kclient installation utility without a installation profile.

  1. Become superuser.

  2. (Optional) Enable DNS resource record creation for the client.

    The first command causes DNS records to be created when the client is joined to the Active Directory domain. The second command records this change in the running configuration of this service.

    client# svccfg -s smb/server setprop smbd/ddns_enable=true
    client# svcadm refresh smb/server
  3. Run the kclient installation script.

    You need to provide the following information:

    • Password for the administrative principal

Example 23–11 Configuring a Kerberos Client for an Active Directory Server Using kclient.

The following output shows the results of running the kclient command using the ms_ad (Microsoft Active Directory) server type argument. The client will be joined to the Active Directory domain called EXAMPLE.COM.

client# /usr/sbin/kclient -T ms_ad

Starting client setup

Attempting to join 'CLIENT' to the 'EXAMPLE.COM' domain.
Password for Administrator@EXAMPLE.COM: <Type the password>
Forest name found:
Looking for local KDCs, DCs and global catalog servers (SVR RRs).

Setting up /etc/krb5/krb5.conf

Creating the machine account in AD via LDAP.