07-28-2013 05:22 PM
I have the following situation:
An already configured two-node VCS cluster (6.01 version) on Solaris 10 Sparc. We have installed the cluster in non-secure mode. The cluster has been working and the only configured user is the "admin" built-in account.
We have an Active Directory environment and we want to integrate its users into the VCS cluster. Is it possible to do that? Do we have to reconfigure the cluster in secure mode to do that? If yes, how do we reconfigure an already configured cluster?
Thanks in advance and best regards
07-29-2013 06:05 PM
You may want to refer to this article here:
07-30-2013 05:30 AM
Thanks for your reply. This note mentions how to enable ldap when the cluster is in secure mode. The question is that my VCS configuration is not in secure mode. How can I enable ldap in non-secure mode?
07-30-2013 10:52 PM
To use any other authentication methods, the cluster has to be running in secure mode.
One of the benefits of using a secure cluster:
Authentication of users through native OS-based domains, such as nis, nisplus, Active Directory, and so on
I did a little research but unfortunately I couldn't find any document that talks about non-secure and AD authentication.
08-02-2013 12:37 PM
Non-secure VCS means using VCS authentication, which is insecure as this is just encrypted passwords in the main.cf file. Secure VCS gives the option of using O/S authentication, which is more secure, so to use AD authentication you must use a secure cluster, but you do not need to use ldap to use AD.
The way you would use AD authentication in a Solaris VCS 5.1 cluster was:
I have done the above and it works fine, but it is a bit tricky: if the RB is a UNIX server, then step 2 is difficult, so it is better to have the RB as a Windows server. But a lot of customers ended up having multiple RBs, which didn't work that well as the RBs didn't trust each other without manually adding trusts. In 6.0, this has changed as now every node is an RB and I believe you have to set up trusts, and it looks as though creating trusts has been made easier.
So in 6.0 I THINK you need to:
For step 4 you can add users to VCS by adding names to the UserNames cluster attribute like "mike@ntdomain" (and add the user to the cluster or group Administrators or Operators attribute), but I would recommend using AD user groups (create an AD user group especially for users accessing VCS or use an appropriate existing AD group) and then add the AD user group to the cluster attribute or group attribute AdministratorGroups or OperatorGroups.