Working With Oracle® Solaris 11.2 Directory and Naming Services: DNS and NIS

Updated: July 2014
 
 

How to Configure the nss_ad Module

The nss_ad module requires that the Oracle Solaris client use DNS for host resolution.

  1. Configure the DNS service.

    See How to Enable a DNS Client for instructions.


    Note - The AD domain name must be specified either with the domain directive or as the first item in the list given to the search directive. If both directives are specified, whichever appears last takes precedence. The idmap auto-discovery feature requires this setting to work properly.


    In the following example, the dig commands verify that the AD server can be resolved by using its name and IP address.

    # dig -x 192.168.11.22 +short
    myserver.ad.example
    # dig myserver.ad.example +short
    192.168.11.22
  2. Add dns to the list of naming services for hosts.
    # svccfg -s svc:/system/name-service/switch
    svc:/system/name-service/switch> setprop config/host = astring: "files dns"
    svc:/system/name-service/switch> select system/name-service/switch:default
    svc:/system/name-service/switch:default> refresh
    svc:/system/name-service/switch:default> quit

    Note - To include additional naming services such as nis or ldap for host resolution, add them after dns.
  3. Verify that the DNS service is enabled and online.

    For example:

    # svcs svc:/network/dns/client
    STATE          STIME    FMRI
    online         Oct_14   svc:/network/dns/client:default
  4. Use the kclient utility to join the system to the AD domain.

    For example:

    # /usr/sbin/kclient -T ms_ad
  5. Add ad to the list of naming services for password and group.
    # svccfg -s svc:/system/name-service/switch
    svc:/system/name-service/switch> setprop config/password = astring: "files nis ad"
    svc:/system/name-service/switch> setprop config/group = astring: "files nis ad"
    svc:/system/name-service/switch> select system/name-service/switch:default
    svc:/system/name-service/switch:default> refresh
    svc:/system/name-service/switch:default> quit
  6. Enable the idmap service.
    # svcadm enable idmap
  7. Update the SMF repository for the name service switch service.
    # svcadm refresh name-service/switch

    Note - The nscd module automatically restarts if necessary, whenever name service switch is refreshed.
  8. Verify that you can access user and group information from AD.

    For example:

    # getent passwd 'test_user@example'
    test_user@example:x:2154266625:2154266626:test_user::
    # getent passwd 2154266625
    test_user@example:x:2154266625:2154266626:test_user::
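
The note in step 1 can be checked before running kclient. The following script is an added example, not part of the Oracle documentation: it reports which domain a resolv.conf-style file effectively selects, applying the rule that the last domain or search directive wins. The function names, the sample files, and the corp.example domain are constructed for illustration, ad.example is assumed from the dig output in step 1, and a POSIX awk is assumed (substitute nawk if awk on the system is the legacy version).

```shell
#!/bin/sh
# Added example (not from the Oracle documentation).
# Rule from the note in step 1: the AD domain must be the "domain" value or
# the first "search" entry; when both directives appear, the last one wins.

# effective_domain FILE -> prints the domain the resolver configuration selects
effective_domain() {
    awk '
        { sub(/[#;].*/, "") }                  # drop comments
        $1 == "domain" && NF >= 2 { d = $2 }   # domain <name>
        $1 == "search" && NF >= 2 { d = $2 }   # search <first> [others...]
        END { if (d != "") print tolower(d) }
    ' "$1"
}

# check_ad_domain FILE AD_DOMAIN -> status 0 only if FILE selects AD_DOMAIN
check_ad_domain() {
    got=$(effective_domain "$1")
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$got" ] && [ "${got%.}" = "${want%.}" ]   # ignore a trailing dot
}

# Constructed sample files; ad.example is assumed from the dig output above.
tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT
printf 'domain ad.example\nnameserver 192.168.11.22\n' > "$tmpdir/domain.conf"
printf 'search ad.example corp.example\n' > "$tmpdir/search.conf"
# A later search directive overrides domain, so auto-discovery sees corp.example.
printf 'domain ad.example\nsearch corp.example ad.example\n' > "$tmpdir/override.conf"

for f in domain search override; do
    if check_ad_domain "$tmpdir/$f.conf" ad.example; then
        echo "$f.conf: OK"
    else
        echo "$f.conf: effective domain is '$(effective_domain "$tmpdir/$f.conf")'"
    fi
done
```

On a client, call check_ad_domain with the path to the system's resolv.conf and the AD domain name; a nonzero status means the resolver configuration does not select the AD domain.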