6.1 Joining the Cluster Node to an Active Directory Domain

6.1.1 Prerequisites

  • We recommend that you upgrade all nodes to OES 23.4 in order to provide users uninterrupted access to their data.

  • The DNS names of the domain controller and the OES 23.4 server must resolve each other.

  • The clocks on the OES 23.4 server and Active Directory server must be in sync in order for Kérberos to work properly.

  • You join a computer to Active Directory with a domain administrator, or a domain administrator equivalent, or a standard domain user account with sufficient rights.

    If you plan to designate a standard user, refer to Microsoft documents for configuration details.

6.1.2 NSS-AD Support Pattern

The OES installation process remains same as in previous releases. Selecting the NSS AD Support pattern also selects and installs all the other dependencies.

NSS AD Support requires configuration in order for the installation to proceed further. If you want to configure it later, disable it, and then continue with the installation.

6.1.3 Configuring NSS for Active Directory

Accept the advisory notes and then click Next to proceed the installation further.

AD Domain Name: Displays the domain name based on this server's LAN settings. Specify the domain name if you want to join to a different domain.

AD User Name: Specify the user credentials of the Administrator, or an administrator equivalent, or a standard domain user with sufficient rights to create computer objects.

AD Supervisor Group: Specify the AD supervisor group name. The AD users belonging to this group will have supervisory rights for all the volumes associated with that OES server.

Container to create Computer Object: By default, the domain join process creates the computer object for this server to the default container CN=Computers. If you specify a different Organizational Unit, for example, OU=OES2023Servers, it adds the computer object to that OU. Create the OU before you start configuring NSS for Active Directory.

Use pre-created computer object: Selecting this check box maps this server to the Computer Object that exists in the container you specified. Before you start configuring NSS for Active Directory, create the Computer Object with the NetBIOS name of the node.

Novell Identity Translator: OES includes a service named Novell Identity Translator (NIT) that dynamically provides Linux user IDs on OES 2018 or later systems to eDirectory and Microsoft Active Directory users for NSS file access. NIT can be configured to work with either eDirectory only or both eDirectory and Active Directory.

For more information about command line options, see novell-ad-util in the OES 23.4: NSS AD Administration Guide.