The nss_ad module requires that the Oracle Solaris client use DNS for host resolution.
See How to Enable a DNS Client for instructions.
If both directives are specified, then whichever is last takes precedence in order for the idmap auto-discovery feature to work properly.
# dig -x 192.0.2.22 +short myserver.ad.example # dig myserver.ad.example +short 192.0.2.22
# svccfg -s svc:/system/name-service/switch:default svc:/system/name-service/switch:default> setprop config/host = astring: "files dns" svc:/system/name-service/switch:default> refresh svc:/system/name-service/switch:default> quit
For example:
# svcs svc:/network/dns/client STATE STIME FMRI online Oct_14 svc:/network/dns/client:default
For example:
# /usr/sbin/kclient -T ms_ad
# svccfg -s svc:/system/name-service/switch:default svc:/system/name-service/switch:default> setprop config/password = astring: "files nis ad" svc:/system/name-service/switch:default> setprop config/group = astring: "files nis ad" svc:/system/name-service/switch:default> refresh svc:/system/name-service/switch:default> quit
# svcadm enable idmap:default
# svcadm refresh name-service/switch:default
For example:
# getent passwd 'test_user@example' test_user@example:x:2154266625:2154266626:test_user:: # getent passwd 2154266625 test_user@example:x:2154266625:2154266626:test_user::