Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

How to Join a Kerberos Client to an Active Directory Server

This procedure uses the kclient command without an installation profile.

Before You Begin

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

  1. (Optional) Enable DNS resource record creation for the client.
    client# sharectl set -p ddns_enable=true smb
  2. Run the kclient command.

    The following output shows sample output from running the kclient command to join the client to the AD domain, EXAMPLE.COM.

    The –T option selects a KDC server type, in this case, a Microsoft Active Directory (AD) server type. By default, you must provide the password for the Administrator principal of the AD server.

    client# /usr/sbin/kclient -T ms_ad
    Starting client setup
    Attempting to join 'CLIENT' to the 'EXAMPLE.COM' domain.
    Password for Administrator@EXAMPLE.COM: xxxxxxxx
    Forest name found:
    Looking for local KDCs, DCs and global catalog servers (SVR RRs).
    Setting up /etc/krb5/krb5.conf
    Creating the machine account in AD via LDAP.
    Setup COMPLETE.

    For more information, see the kclient(1M) man page.