Chapter 4 System Configuration
© 2017 Harmonic Inc. All rights reserved.
123
Harmonic MediaGrid Release 4.1
Joining a Harmonic MediaGrid Cluster to a Windows Domain
4. Update the following configuration file:
/opt/omclb/conf/smb.conf
Note the following settings:
security = ADS
workgroup = <AD Workgroup>
realm = <AD Realm>
password server = <ADS Domain Controller FQDN>
add user script = /opt/omutils/bin/omadduser %u
winbind use default domain = no
a. Replace <AD Workgroup> with the name of the ActiveDirectory Workgroup.
b. Replace <AD Realm> with the name of the ActiveDirectory Realm.
c. Replace <ADS Domain Controller FQDN> with the Fully Qualified Domain Name of the
ActiveDirectory server.
5. Copy
/opt/omclb/conf/smb.conf
to
/etc/samba/smb.conf
.
6. Update the following configuration file:
/etc/krb5.conf
[libdefaults]
default_realm = <AD Realm in UPPERCASE>
:
[realms]
<AD Realm in UPPERCASE> = {
kdc = <ADS Domain Controller FQDN>
}
:
.kerberos_server = <AD Realm in UPPERCASE>
a. Replace instances of <AD Realm in UPPERCASE> with the name of the ActiveDirectory
Realm in all uppercase letters.
b. Replace instance <ADS Domain Controller FQDN> with the Fully Qualified Domain Name
of the ActiveDirectory server.
Join the High Bandwidth ContentBridge to the Active Directory Domain
1. Make sure you are logged on to the High Bandwidth ContentBridge, and then enter the
following command:
sudo net ads join -U<AD_Admin>%<password> -S
<ADS_Domain_Controller_FQDN>
NOTE:
Upon joining the AD domain, the Samba server creates a local temporary database on the High
Bandwidth ContentBridge at: /var/lib/samba/private/secrets.tdb.
2. As a final step, you must remove any “CB” entries that provide access to individual users from
the /etc/gateway.conf and /etc/passwd files.
a. Open
/etc/gateway.conf
and delete entries for individual users beginning with “CB.”
b. Open
/etc/passwd
and delete entries for the same individual users (the entries do not
contain “CB” in this file).
NOTE:
In order to access the Harmonic MediaGrid, the individual users must be added to the Active
Directory domain.
3. Restart the gateway service. For example, for a High Bandwidth ContentBridge with hostname
hbcb205
:
sudo service gateway restart