Configure Clients Before AD Bridge Agent Installation
Before you install the AD Bridge agent, configure client computers as indicated in the following sections.
Configure nsswitch.conf
Before you attempt to join an Active Directory domain, make sure the /etc/nsswitch.conf file contains the following line:
hosts: files dns
The hosts line can contain additional information, but it must include the dns entry, and we recommend that the dns entry appear after the files entry.
Computers running Solaris, in particular, may not contain this line in nsswitch.conf until you add it.
When you use AD Bridge with Multicast DNS 4 (mDNS4) and have a domain in your environment that ends in .local, you must place the dns entry before the mdns4_minimal entry and before the mdns4 entry:
hosts: files dns mdns4_minimal [NOTFOUND=return] mdns4
The default setting for many Linux systems is to list the mdns4 entries before the dns entry, a configuration that leaves AD Bridge unable to find the domain.
For AD Bridge to work correctly, the nsswitch.conf file must be readable by user, group, and world.
For more information on configuring nsswitch, see the man page for nsswitch.conf.
Configure netsvc.conf on AIX
On AIX computers, ensure the netsvc.conf file contains the following line:
hosts = local,bind
Restart Services
After you update nsswitch.conf (or netsvc.conf), you must restart the AD Bridge input-output service (lwio).
Run the following command as root to restart both services:
/opt/pbis/bin/lwsm restart lwio
Configure resolv.conf
Before you attempt to join an Active Directory domain, make sure that /etc/resolv.conf on your Linux or Unix client includes a DNS server that can resolve SRV records for your domain.
[root@rhel5d Desktop]# cat /etc/resolv.conf
search example.com
nameserver 192.168.100.132
For more information on resolv.conf, see your operating system's man page.
Configure Firewall Ports
If you use local firewall settings, such as iptables, on a computer running the AD Bridge agent, ensure the following ports are open for outbound traffic.
The AD Bridge agent is a client. It does not listen on any ports.
| Port | Protocol | Use |
|---|---|---|
|
53 |
UDP/ TCP |
DNS |
|
88 |
UDP/TCP |
Kerberos 5 |
|
123 |
UDP |
NTP |
|
389 |
UDP/TCP |
LDAP |
|
443 |
TCP |
AD Bridge Reporting to BeyondInsight |
|
445 |
TCP |
SMB over TCP |
|
464 |
UDP/TCP |
Computer password changes (typically after 30 days) |
|
1433 |
TCP |
Connection to SQL Server. Open the port you are using. |
|
3268 |
TCP |
Global Catalog search |
To view the firewall rules on a Linux computer using iptables, execute the following command:
iptables - nL
Extend Partition Size (IBM AIX)
On AIX, you may need to extend the size of certain partitions to complete the installation.
To change the partition size using IBM'S chfs command, use chfs -a size=+200M /opt.
The example command increases the size of the opt partition by 200MB, which is expected to be sufficient for a successful installation.
Increase Max User Name Length (IBM AIX)
By default, IBM AIX is not configured to support long user and group names, which might present a conflict when you try to log on with a long Active Directory username.
On AIX, group names are truncated when enumerated through the groups command.
To increase the max user name length on AIX, use the following syntax:
# chdev -l sys0 -a max_logname=MaxUserNameLength+1
# chdev -l sys0 -a max_logname=255
This command allocates 254 characters for the user and 1 for the terminating null.
The safest value that you can set max_logname to is 255.
You must reboot for the changes to take effect:
# shutdown -Fr
