6.2 Joining the Cluster Resource to an Active Directory Domain

6.2.1 Prerequisites

  • The cluster pools that you plan to join must be in the Active state.

  • Each cluster pool must have at least one volume and the volume must be in an active and mounted state.

  • Upgrade all nodes to OES 23.4 and join them to an Active Directory domain in order to provide users with uninterrupted access to their data.

6.2.2 Steps for Joining the Cluster Resource

This process includes four main tasks:

  1. Upgrading the pool media format.

  2. Enabling the Active Directory identities flag for a volume that you plan to provision for the Active Directory users.

  3. Joining the cluster resources to an Active Directory Domain.

  4. Verifying the service principals for the node and the resource.

Upgrading the Pool Media Format and Active Directory-enabling the Volumes

First, upgrade the existing NSS32 cluster pools with the new metadata structure to provision NSS resources to Active Directory users. This is a one-time activity. Once completed, you cannot return the media to its previous state.

If you create NSS32 pools, you have to explicitly upgrade them with the new media format. However, the NSS 64 pools in OES 2015 or later are shipped with the new media format.

After the media upgrade, you have to enable the Active Directory identities flag for the volumes in NSS32 and NSS64 pools.

Issue the commands at the NSS Console as the root user.

  1. Run the /pools command and verify that the cluster pool is in the active state.

  2. Run the /ZLSSUpgradeCurrentPoolMediaFormatToAD=<POOL_NAME> command.

    A successful upgrade is indicated by an appropriate message.

  3. Run the /volumes command and verify that the volume is in the active state.

  4. Run the /ADIdentities=<VOLUME_NAME> command.

    The successful addition of Active Directory identities is indicated by an appropriate message.

  5. Next, run the /volumes command again and verify that the AD Enabled attribute appears in the Attributes column.

  6. Create a 64-bit pool and a volume. Although the 64-bit pool is created with the upgraded media, the volume is not AD-enabled.

  7. Run the /ADIdentities=<VOLUME_NAME> command to add Active Directory identities.

For more information, see Upgrading the NSS Media Format in the OES 23.4: NSS File System Administration Guide for Linux.

Joining the Cluster Resources to an Active Directory Domain

Next, you will join the resources to an Active Directory domain.

To join the resources, use the user credentials of the Administrator, or an administrator equivalent, or a standard domain user with sufficient rights to create computer objects.

  1. Run kinit and then open the NSSMU console. You can also open the NSSMU console without running kinit.

  2. Select Pools from the menu, and then select the pool that you want to join.

  3. Press J on your keyboard.

  4. Specify valid Active Directory Information, then Proceed.

    If kinit has already been performed and you want to retain the credentials, press Y to skip. Otherwise, press N to run kinit. This will destroy the credentials cache and you will need to provide new credentials.

  5. Specify the Administrator credentials or the credentials of the user that has sufficient rights, and then press ok.

    NOTE:The credentials that you provide are valid only for this session.

For more information, see Joining Cluster Pools to the AD Domain in the OES 23.4: NSS File System Administration Guide for Linux.

For more information about commandline options, see novell-ad-util in the OES 23.4: NSS AD Administration Guide.