zc-node-N# vi /etc/krb5/krb5.conf
[libdefaults]
        default_realm = OSC.EXAMPLE.COM

[realms]
        OSC.EXAMPLE.COM = {
                kdc = 192.168.0.20
                admin_server = 192.168.0.20
        }

[domain_realm]
        .your.domain.name = OSC.EXAMPLE.COM
        your.domain.name = OSC.EXAMPLE.COM

[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {
                period = 1d
                versions = 10
        }

[appdefaults]
        kinit = {
                renewable = true
                forwardable = true
        }
Compare the output of the ntpq -p command on all physical cluster nodes and the equivalent on the Windows Active Directory server. Kerberos relies on synchronized time between the systems.
zc-node-N# cp -p /etc/pam.conf /etc/pam.conf.orig
zc-node-N# cp /etc/pam.conf-winbind /etc/pam.conf
zc-node-N# svccfg -s name-service/switch setprop config/password = \"files winbind\"
zc-node-N# svccfg -s name-service/switch setprop config/group = \"files winbind\"
zc-node-N# svcadm refresh name-service/switch
zc-node-N# svcadm disable name-service/cache
zc-node-1# net -s /failover/samba/samba-lh/lib/smb.conf ADS JOIN -U Administrator
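A scripted form of the ntpq -p comparison that precedes the join, as an added example that is not part of the original procedure: it reads ntpq -p output and reports whether the node has a selected sync peer and an offset inside the Kerberos default clock-skew tolerance of 300 seconds. The function name check_ntpq, the MAX_SKEW_MS and AWK variables, and the sample outputs are constructed for illustration; the Windows side is not covered.

```shell
#!/bin/sh
# Added example, not part of the original procedure: pre-join time check.
# Kerberos default clock-skew tolerance is 300 s; ntpq -p offsets are in ms.
MAX_SKEW_MS=${MAX_SKEW_MS:-300000}
AWK=${AWK:-awk}   # assumption: a POSIX awk; override (e.g. AWK=nawk) if needed

# check_ntpq: read `ntpq -p` output on stdin.
# Prints "OK <peer> <offset>", "SKEW <peer> <offset>" or "NOSYNC".
# Exit status: 0 = OK, 1 = offset beyond tolerance, 2 = no selected sync peer.
check_ntpq() {
    "$AWK" -v max="$MAX_SKEW_MS" '
        /^\*/ {                      # "*" marks the peer ntpd is synchronized to
            peer = substr($1, 2); offstr = $9
            abs = ($9 < 0) ? -$9 : $9 + 0
            found = 1; exit          # jump to END
        }
        END {
            if (!found)    { print "NOSYNC"; exit 2 }
            if (abs > max) { printf "SKEW %s %s\n", peer, offstr; exit 1 }
            printf "OK %s %s\n", peer, offstr
        }'
}

# Constructed sample outputs (not captured from a real system).
sample_good() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.0.20    .LOCL.           1 u   33   64  377    0.412   -1.208   0.310
EOF
}
sample_unsynced() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
 192.168.0.20    .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}
sample_skewed() { cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
*192.168.0.20    .LOCL.           1 u   12   64  377    0.398 412873.112 0.512
EOF
}

# Demo on the constructed samples; on a node, run: ntpq -p | check_ntpq
for s in sample_good sample_unsynced sample_skewed; do
    printf '%-16s ' "$s"; $s | check_ntpq || true
done
```

A NOSYNC result on any node means its reported offset cannot be trusted, so resolve that before comparing nodes against each other.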