Joining a Solaris machine to AD

This is a simple post providing instructions on how to join a Solaris system to AD.

  1. Create the configuration file (/etc/samba/krb-samba.conf):
    # cat >/etc/samba/krb-samba.conf <<_EOT_
    [global]
       workgroup = TEST
       password server = 10.10.1.101
       realm = ad.church1e.test
       security = ads
       kerberos method = system keytab
    _EOT_
  2. Join the domain
    root@sol11# net ads join --configfile /etc/samba/krb-samba.conf -U mchurchi
    Enter mchurchi's password:
    Using short domain name -- TEST
    Joined 'sol11' to dns domain 'ad.church1e.test'
    No DNS domain configured for sol11. Unable to perform DNS Update.
    DNS update failed: NT_STATUS_INVALID_PARAMETER
    
    NOTE: The DNS error is normal and can safely be ignored.

Troubleshooting

If you receive the following error:

Failed to join domain: failed to lookup DC info for domain 'AD.CHURCH1E.TEST' over rpc: The attempted logon is invalid. This is either due to a bad username or authentication information.

In that case, per the Oracle doc (Samba 'net ads join' Fails After Upgrade to Samba 4.4.x - Doc ID 2301495.1), simply add the following to the Samba configuration file:

include system krb5 conf = no
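
A preflight check for the configuration file from step 1, to run before `net ads join`. This is an added example, not part of the original post; the function names `global_param` and `check_ads_conf` are hypothetical, and it assumes a POSIX awk (on Solaris, /usr/xpg4/bin/awk or nawk).

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Print the value of one [global] parameter. smb.conf ignores case and
# whitespace in section and parameter names, so both are normalised first.
global_param() {   # usage: global_param FILE "parameter name"
    awk -v want="$2" '
        BEGIN { want = tolower(want); gsub(/[ \t]/, "", want) }
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/   { s = tolower($0); gsub(/[ \t\r]/, "", s)
                        in_global = (s == "[global]"); next }
        in_global && (i = index($0, "=")) {
            k = tolower(substr($0, 1, i - 1)); gsub(/[ \t]/, "", k)
            v = substr($0, i + 1); sub(/^[ \t]+/, "", v); sub(/[ \t\r]+$/, "", v)
            if (k == want) val = v                   # keep the last definition
        }
        END { print val }' "$1"
}

# Return 0 when FILE carries the settings the join in this post relies on.
check_ads_conf() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    for p in workgroup realm; do
        [ -n "$(global_param "$f" "$p")" ] || { echo "missing: $p"; rc=1; }
    done
    sec=$(global_param "$f" security | tr '[A-Z]' '[a-z]')
    [ "$sec" = ads ] || { echo "security is '$sec', expected 'ads'"; rc=1; }
    km=$(global_param "$f" "kerberos method" | tr '[A-Z]' '[a-z]')
    [ "$km" = "system keytab" ] || { echo "kerberos method is '$km', expected 'system keytab'"; rc=1; }
    # Informational only: the Troubleshooting setting from this post.
    inc=$(global_param "$f" "include system krb5 conf" | tr '[A-Z]' '[a-z]')
    [ "$inc" = no ] || echo "note: 'include system krb5 conf = no' is not set"
    return $rc
}

# Constructed sample: the configuration from this post, run through the check.
sample=$(mktemp)
cat >"$sample" <<'_EOT_'
[global]
   workgroup = TEST
   realm = ad.church1e.test
   security = ads
   kerberos method = system keytab
_EOT_
check_ads_conf "$sample" && echo "settings present, ready for net ads join"
rm -f "$sample"
```

The check keeps a missing `include system krb5 conf = no` as a note rather than a failure, because the post only calls for that setting when the join fails with the logon error shown above.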