Thanks for the requested info. The output from "klist -k" indicates that the keys for the host principal are setup properly by smbadm join CLI. Thus, idmapd should have been able to contact the AD using the host credentials. Based on the output from "cifs-chkcfg", your domain configuration looks good.
Natalie Victor Hooi wrote: > heya, > > The output from "klist -k": > > [EMAIL PROTECTED]:~/Desktop# klist -k > Keytab name: FILE:/etc/krb5/krb5.keytab > KVNO Principal > ---- > -------------------------------------------------------------------------- > 2 host/[EMAIL PROTECTED] > 2 host/[EMAIL PROTECTED] > 2 host/[EMAIL PROTECTED] > 2 host/[EMAIL PROTECTED] > 2 host/[EMAIL PROTECTED] > 2 nfs/[EMAIL PROTECTED] > 2 nfs/[EMAIL PROTECTED] > 2 nfs/[EMAIL PROTECTED] > 2 nfs/[EMAIL PROTECTED] > 2 nfs/[EMAIL PROTECTED] > 2 HTTP/[EMAIL PROTECTED] > 2 HTTP/[EMAIL PROTECTED] > 2 HTTP/[EMAIL PROTECTED] > 2 HTTP/[EMAIL PROTECTED] > 2 HTTP/[EMAIL PROTECTED] > 2 root/[EMAIL PROTECTED] > 2 root/[EMAIL PROTECTED] > 2 root/[EMAIL PROTECTED] > 2 root/[EMAIL PROTECTED] > 2 root/[EMAIL PROTECTED] > > The output from "cifs-chkcfg": > > [EMAIL PROTECTED]:~/Desktop# ./cifs-chkcfg > svcs: Pattern 'samba' doesn't match any instances > > Incidentally, I ran "svcadm clear smb/server", and the service now appears to > be in a running state. > > I added a single idmap rule-line: > > "idmap add 'wingroup:[EMAIL PROTECTED]' 'unixuser:victorh;" > > and then tried accessing the share directly from the Windows 2008 DC. Under > "Administrator", it seemed to let me access the share directly, without > having to type in any credentials? And another normal domain user was able to > as well, which is strange, right? > > Well, I'm happy it works and is accessible =), but I think I may have > misconfigured something here? > > I just set up Folder Redirection pointing directly to that computer > (\\192.168.1.107\rpool_test - bad, I know, but I'm just trying to make sure > this works for now), and it seems to be working, at least for Administrator, > but I'd like to know the recommended practice for setting up this up? And I > suppose I need to get idmap working properly, now, and figure out > > Cheers, > Victor > -- > This message posted from opensolaris.org > _______________________________________________ > cifs-discuss mailing list > cifs-discuss@opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/cifs-discuss > _______________________________________________ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
