Configure Clients Before AD Bridge Enterprise Agent Installation

Before you install the AD Bridge Enterprise agent, configure client computers as indicated in the following sections.

Configure nsswitch.conf

Before you attempt to join an Active Directory domain, make sure the /etc/nsswitch.conf file contains the following line:

hosts: files dns

The hosts line can contain additional information, but it must include the dns entry, and we recommend that the dns entry appear after the files entry.

Computers running Solaris, in particular, may not contain this line in nsswitch.conf until you add it.

When you use AD Bridge with Multicast DNS 4 (mDNS4) and have a domain in your environment that ends in .local, you must place the dns entry before the mdns4_minimal entry and before the mdns4 entry:

hosts: files dns mdns4_minimal [NOTFOUND=return] mdns4

The default setting for many Linux systems is to list the mdns4 entries before the dns entry, a configuration that leaves AD Bridge Enterprise unable to find the domain.

For AD Bridge Enterprise to work correctly, the nsswitch.conf file must be readable by user, group, and world.

For more information on configuring nsswitch, please see the man page for nsswitch.conf.
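The following is an added example and not part of the AD Bridge documentation: a POSIX sh check that a hosts line in an nsswitch.conf-style file follows the rules above (a dns entry exists, dns comes after files, and dns comes before any mdns4 or mdns4_minimal entry) and that the file itself is world-readable. The function names are hypothetical; the file path defaults to /etc/nsswitch.conf.

```shell
#!/bin/sh
# Added example, not from the AD Bridge documentation: validate the hosts line
# of an nsswitch.conf-style file and the file's permissions before a domain join.
# Exit status 0 means acceptable; reasons for failure are written to stderr.

# Validate one "hosts: ..." line. Action specifiers such as [NOTFOUND=return]
# are stripped before the order of the sources is examined.
check_hosts_line() {
    line=$1
    sources=$(printf '%s\n' "$line" | sed -e 's/^hosts:[[:space:]]*//' -e 's/\[[^]]*\]//g')
    pos=0; files_pos=; dns_pos=; mdns_pos=
    for src in $sources; do
        pos=$((pos + 1))
        case $src in
            files)               [ -n "$files_pos" ] || files_pos=$pos ;;
            dns)                 [ -n "$dns_pos" ]   || dns_pos=$pos ;;
            mdns4|mdns4_minimal) [ -n "$mdns_pos" ]  || mdns_pos=$pos ;;
        esac
    done
    if [ -z "$dns_pos" ]; then
        echo "no dns entry on hosts line: $line" >&2; return 1
    fi
    # Recommended order only, so this is a warning rather than a failure.
    if [ -n "$files_pos" ] && [ "$files_pos" -gt "$dns_pos" ]; then
        echo "warning: dns is recommended to come after files: $line" >&2
    fi
    # With a .local domain and mDNS in use, dns before mdns4 is mandatory.
    if [ -n "$mdns_pos" ] && [ "$mdns_pos" -lt "$dns_pos" ]; then
        echo "dns must come before mdns4 entries: $line" >&2; return 1
    fi
    return 0
}

# Check a whole file: world-readable bit, a hosts line present, hosts line valid.
check_nsswitch_file() {
    file=${1:-/etc/nsswitch.conf}
    # find -perm -004 matches only when the "other" read bit is set.
    if [ -z "$(find "$file" -perm -004 2>/dev/null)" ]; then
        echo "$file is not world-readable (AD Bridge requires user, group and world read)" >&2
        return 1
    fi
    line=$(grep '^hosts:' "$file" | head -n 1)
    if [ -z "$line" ]; then
        echo "$file has no hosts line" >&2; return 1
    fi
    check_hosts_line "$line"
}
```

Run `check_nsswitch_file` with no argument on the client before joining; a non-zero exit status identifies the condition that would later leave the agent unable to locate the domain.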

Configure netsvc.conf on AIX

On AIX computers, ensure the netsvc.conf file contains the following line:

hosts = local,bind

Restart Services

After you update nsswitch.conf (or netsvc.conf), you must restart the AD Bridge Enterprise input-output service (lwio) and the authentication service (lsass).

Run the following command as root to restart both services:

/opt/pbis/bin/lwsm restart lwio

Configure resolv.conf

Before you attempt to join an Active Directory domain, make sure that /etc/resolv.conf on your Linux, Unix, or Mac client includes a DNS server that can resolve SRV records for your domain.

Example:

[root@rhel5d Desktop]# cat /etc/resolv.conf
search example.com
nameserver 192.168.100.132

For more information on resolv.conf, please see your operating system's man page.

Configure Firewall Ports

If you use local firewall settings, such as iptables, on a computer running the AD Bridge Enterprise agent, ensure the following ports are open for outbound traffic.

The AD Bridge Enterprise agent is a client. It does not listen on any ports.

Port   Protocol   Use
53     UDP/TCP    DNS
88     UDP/TCP    Kerberos 5
123    UDP        NTP
389    UDP/TCP    LDAP
443    TCP        AD Bridge Reporting to BeyondInsight
445    TCP        SMB over TCP
464    UDP/TCP    Computer password changes (typically after 30 days)
1433   TCP        Connection to SQL Server. Open the port you are using; the default port for SQL Server is 1433.
3268   TCP        Global Catalog search

To view the firewall rules on a Linux computer using iptables, execute the following command:

iptables -nL
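The following is an added example and not part of the AD Bridge documentation; it covers the resolv.conf and firewall port sections above. It reads the nameservers from a resolv.conf-style file, asks each one for the SRV records a domain member uses to locate domain controllers, and probes the outbound TCP ports from the table against a domain controller. It assumes dig and nc are installed; the function names, the domain and the DC host name are hypothetical. Ports 443 and 1433 are left out because they lead to BeyondInsight and SQL Server rather than to a domain controller.

```shell
#!/bin/sh
# Added example, not from the AD Bridge documentation: pre-join DNS and port
# check for a prospective AD Bridge client.

# Print the nameserver addresses listed in a resolv.conf file, one per line.
resolv_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "${1:-/etc/resolv.conf}"
}

# SRV records a domain member relies on to locate domain controllers.
ad_srv_names() {
    domain=$1
    printf '%s\n' "_ldap._tcp.dc._msdcs.$domain" \
                  "_kerberos._tcp.dc._msdcs.$domain" \
                  "_ldap._tcp.$domain" \
                  "_kerberos._tcp.$domain"
}

# Query each SRV name against one nameserver; return 1 if any name has no answer.
check_srv_records() {
    domain=$1; server=$2; rc=0
    for name in $(ad_srv_names "$domain"); do
        if [ -z "$(dig +short +time=3 +tries=1 @"$server" SRV "$name")" ]; then
            echo "no SRV answer for $name from $server" >&2; rc=1
        fi
    done
    return $rc
}

# Outbound ports from the table above that lead to a domain controller.
AD_BRIDGE_DC_PORTS="53/tcp 53/udp 88/tcp 88/udp 123/udp 389/tcp 389/udp 445/tcp 464/tcp 464/udp 3268/tcp"

# Probe the TCP ports with nc. UDP cannot be probed reliably this way, so
# those entries are listed but skipped.
check_tcp_ports() {
    host=$1; rc=0
    for pp in $AD_BRIDGE_DC_PORTS; do
        port=${pp%/*}; proto=${pp#*/}
        if [ "$proto" != tcp ]; then
            echo "$host:$port/$proto not probed (UDP)"; continue
        fi
        if nc -z -w 3 "$host" "$port" 2>/dev/null; then
            echo "$host:$port/tcp reachable"
        else
            echo "$host:$port/tcp NOT reachable" >&2; rc=1
        fi
    done
    return $rc
}

main() {
    domain=$1; dc=$2
    for ns in $(resolv_nameservers /etc/resolv.conf); do
        if check_srv_records "$domain" "$ns"; then
            echo "SRV records for $domain resolve via $ns"
        fi
    done
    check_tcp_ports "$dc"
}

# Only run when invoked as: sh preflight.sh <domain> <dc-host>
case $# in
    2) main "$@" ;;
esac
```

A nameserver that returns no SRV answers for the domain, or a TCP port reported as not reachable, points at the resolv.conf entry or the firewall rule that must be corrected before the join is attempted.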

Extend Partition Size (IBM AIX)

On AIX 5.2 and 5.3, you may need to extend the size of certain partitions to complete the installation.

To change the partition size using IBM's chfs command, run: chfs -a size=+200M /opt

The example command increases the size of the opt partition by 200 MB, which should be sufficient for a successful installation.

Increase Max User Name Length (IBM AIX)

By default, IBM AIX is not configured to support long user and group names, which might present a conflict when you try to log on with a long Active Directory username.

On AIX 5.3 and AIX 6.1, group names are truncated when enumerated through the groups command.

To increase the max user name length on AIX 5.3, use the following syntax:

# chdev -l sys0 -a max_logname=MaxUserNameLength+1

Example:

# chdev -l sys0 -a max_logname=255

This command allocates 254 characters for the user name and 1 for the terminating null.

The safest value that you can set max_logname to is 255.

You must reboot for the changes to take effect:

# shutdown -Fr

AIX 5.2 does not support increasing the maximum user name length.