According to the attached cifs-gendiag.txt, the domain join operation failed with the same error. Since you didn't answer my question directly, I'd assume the other OU admin account's password also contains more than 20 characters. If you cannot reset your password, please wait for the fix for the following CR and try again.
6749075 Unable to join domain if user password exceeds 20 characters Natalie Burger, Matthew Ryan wrote: > Hello, > > Sorry for the delay, but I have been trying a bunch of different configs to > get this working. > > Anyway, here is the information that you had requested.... > > Thanks again, > > Matthew > > > > -bash-3.2# sh cifs-chkcfg > svcs: Pattern 'samba' doesn't match any instances > /etc/pam.conf is not configured for workgroup mode > run: echo other password required pam_smb_passwd.so.1 nowarn >> /etc/pam.conf > > > > > > ________________________________________ > From: [EMAIL PROTECTED] [EMAIL PROTECTED] > Sent: Thursday, September 18, 2008 11:02 AM > To: Burger, Matthew Ryan > Cc: [email protected]; Wade, Joseph B > Subject: Re: [cifs-discuss] [storage-discuss] [Fwd: CIFS Server Joining IU's > ADS] > > Matt, > > Shorter password ... is it less than 20 characters? What was the error > returned by smbadm CLI when using a shorter password? > Please provide us with a network trace, capturing the traffic between the > domain controller and the Solaris CIFS server. > As always, please run the following scripts and send us the output: > > > http://opensolaris.org/os/project/cifs-server/files/cifs-chkcfg > http://opensolaris.org/os/project/cifs-server/files/cifs-gendiag > > > Natalie > > Burger, Matthew Ryan wrote: > We tried this with another one of our OU admins and are still experiencing > the same problem. His password is shorter, but has had issues in the past > with getting his account to join machines. I don’t know if the long password > issue is our only problem, but look forward to its resolution to test further. > > Thanks, > > Matt > > From: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] > Sent: Wednesday, September 17, 2008 12:06 PM > To: Burger, Matthew Ryan > Cc: [email protected]<mailto:[email protected]>; Wade, > Joseph B > Subject: Re: [cifs-discuss] [storage-discuss] [Fwd: CIFS Server Joining IU's > ADS] > > The following CR has been filed: > > 6749075 Unable to join domain if user password exceeds 20 characters > > Natalie > > Natalie Li wrote: > Thanks for your input. I've reproduced the problem here when using a really > long password. The use of special characters is fine. > For now, you may want to work around the problem by using a shorter > passwood/passphrase. > > Natalie > > Natalie Li wrote: > The NetBIOS domain name is basically the pre-Windows 2000 domain name. Open > up "Active Directory Users and Computers" GUI on one of your domain > controller. Right click on "ads.iu.edu" object and select Properties. > > Based on your test results, it appears that your domain controller fails to > authenticate the specified user via NTLM (lmauth_level=2) and NTLMv2 > (lmauth_level=<default_value=4>). However, Kerberos authentication seems to > work fine. > > Could you please tell us the exact length of your passphrase and if it > contains any special characters? > > Thanks, > > Natalie > > Burger, Matthew Ryan wrote: > > No problem, thank you very much for all of your help.... > > 1.) Windows Server 2003 R2 > > 2.)ads.iu.edu (????) It is a collection of machines, on both main campuses, > > and all are set to ads.iu.edu > > 3.) yes, I ran ntpdate iu-mssg-adsdc01.ads.iu.edu > > 4.)hahahaha, yes, I actually do have a really long passphrase, so I tried it > > several times and typed very slowly > > 5.) yes, definitely, I am logged into the domain right now > > > > 1.) ran again to be sure > > 2.) ran sharectl > > 3.) ran standard kinit maburger, results below: > > > > bash-3.2# kinit maburger > > Password for [EMAIL PROTECTED]:<mailto:[EMAIL PROTECTED]:> > > bash-3.2# klist > > Ticket cache: FILE:/tmp/krb5cc_0<FILE:///%5C%5Ctmp%5Ckrb5cc_0> > > Default principal: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> > > > > Valid starting Expires Service principal > > 09/16/08 08:31:44 09/16/08 18:31:57 krbtgt/[EMAIL > PROTECTED]<mailto:krbtgt/[EMAIL PROTECTED]> > > renew until 09/23/08 08:31:44 > > > > -----Original Message----- > > From: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED] > > Sent: Monday, September 15, 2008 11:56 PM > > To: Burger, Matthew Ryan > > Cc: Afshin Salek; > [email protected]<mailto:[email protected]>; Wade, > Joseph B; Nicolas > > Williams > > Subject: Re: [cifs-discuss] [storage-discuss] [Fwd: CIFS Server Joining IU's > > ADS] > > > > Thanks for the dtrace output. Apparently, the domain controller (i.e. > > iu-mssg-adsdc01) fails to authenticate the given user. I'd like to get > > some clarifications: > > > > 1) Which OS version does the domain controller run? > > 2) What's the NetBIOS name (a.k.a. "flat" domain name) of ADS.IU.EDU domain? > > 3) Is the clock of your Solaris CIFS server sync'd with the clock of the > > specified domain controller? > > 4) Did you enter the correct password of the given user (i.e.maburger) > > when joining the domain? ;-) > > 5) Is "maburger" a valid user account in ADS.IU.EDU domain? ;-) > > > > Try the following: > > > > 1) Run `ntpdate iu-mssg-adsdc01.ads.iu.edu`. Then, join the domain > > using smbadm CLI. > > 2) If the above doesn't work, run `sharectl set -p lmauth_level=2 smb`. > > Then, join the domain using smbadm CLI. > > 3) Run `kinit maburger` as root. Any errors? > > > > Natalie > > > > > > ________________________________ > > > > > > > _______________________________________________ > > cifs-discuss mailing list > > [email protected]<mailto:[email protected]> > > http://mail.opensolaris.org/mailman/listinfo/cifs-discuss > > > > > > > > ________________________________ > > > > > > > _______________________________________________ > > cifs-discuss mailing list > > [email protected]<mailto:[email protected]> > > http://mail.opensolaris.org/mailman/listinfo/cifs-discuss > > > > > > > > > > ________________________________ > > > > > > > _______________________________________________ > > cifs-discuss mailing list > > [email protected]<mailto:[email protected]> > > http://mail.opensolaris.org/mailman/listinfo/cifs-discuss > > > > > > > ________________________________ > > _______________________________________________ > cifs-discuss mailing list > [email protected]<mailto:[email protected]> > http://mail.opensolaris.org/mailman/listinfo/cifs-discuss > > > _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
