Hello,
Sorry for the delay, but I have been trying a bunch of different configs to get
this working.
Anyway, here is the information that you had requested....
Thanks again,
Matthew
-bash-3.2# sh cifs-chkcfg
svcs: Pattern 'samba' doesn't match any instances
/etc/pam.conf is not configured for workgroup mode
run: echo other password required pam_smb_passwd.so.1 nowarn >> /etc/pam.conf
________________________________________
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
Sent: Thursday, September 18, 2008 11:02 AM
To: Burger, Matthew Ryan
Cc: [email protected]; Wade, Joseph B
Subject: Re: [cifs-discuss] [storage-discuss] [Fwd: CIFS Server Joining IU's
ADS]
Matt,
Shorter password ... is it less than 20 characters? What was the error returned
by smbadm CLI when using a shorter password?
Please provide us with a network trace, capturing the traffic between the
domain controller and the Solaris CIFS server.
As always, please run the following scripts and send us the output:
http://opensolaris.org/os/project/cifs-server/files/cifs-chkcfg
http://opensolaris.org/os/project/cifs-server/files/cifs-gendiag
Natalie
Burger, Matthew Ryan wrote:
We tried this with another one of our OU admins and are still experiencing the
same problem. His password is shorter, but has had issues in the past with
getting his account to join machines. I don’t know if the long password issue
is our only problem, but look forward to its resolution to test further.
Thanks,
Matt
From: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 17, 2008 12:06 PM
To: Burger, Matthew Ryan
Cc: [email protected]<mailto:[email protected]>; Wade,
Joseph B
Subject: Re: [cifs-discuss] [storage-discuss] [Fwd: CIFS Server Joining IU's
ADS]
The following CR has been filed:
6749075 Unable to join domain if user password exceeds 20 characters
Natalie
Natalie Li wrote:
Thanks for your input. I've reproduced the problem here when using a really
long password. The use of special characters is fine.
For now, you may want to work around the problem by using a shorter
passwood/passphrase.
Natalie
Natalie Li wrote:
The NetBIOS domain name is basically the pre-Windows 2000 domain name. Open up "Active
Directory Users and Computers" GUI on one of your domain controller. Right click on
"ads.iu.edu" object and select Properties.
Based on your test results, it appears that your domain controller fails to
authenticate the specified user via NTLM (lmauth_level=2) and NTLMv2
(lmauth_level=<default_value=4>). However, Kerberos authentication seems to
work fine.
Could you please tell us the exact length of your passphrase and if it contains
any special characters?
Thanks,
Natalie
Burger, Matthew Ryan wrote:
No problem, thank you very much for all of your help....
1.) Windows Server 2003 R2
2.)ads.iu.edu (????) It is a collection of machines, on both main campuses,
and all are set to ads.iu.edu
3.) yes, I ran ntpdate iu-mssg-adsdc01.ads.iu.edu
4.)hahahaha, yes, I actually do have a really long passphrase, so I tried it
several times and typed very slowly
5.) yes, definitely, I am logged into the domain right now
1.) ran again to be sure
2.) ran sharectl
3.) ran standard kinit maburger, results below:
bash-3.2# kinit maburger
Password for [EMAIL PROTECTED]:<mailto:[EMAIL PROTECTED]:>
bash-3.2# klist
Ticket cache: FILE:/tmp/krb5cc_0<FILE:///%5C%5Ctmp%5Ckrb5cc_0>
Default principal: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>
Valid starting Expires Service principal
09/16/08 08:31:44 09/16/08 18:31:57 krbtgt/[EMAIL
PROTECTED]<mailto:krbtgt/[EMAIL PROTECTED]>
renew until 09/23/08 08:31:44
-----Original Message-----
From: [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> [mailto:[EMAIL PROTECTED]
Sent: Monday, September 15, 2008 11:56 PM
To: Burger, Matthew Ryan
Cc: Afshin Salek;
[email protected]<mailto:[email protected]>; Wade, Joseph
B; Nicolas
Williams
Subject: Re: [cifs-discuss] [storage-discuss] [Fwd: CIFS Server Joining IU's
ADS]
Thanks for the dtrace output. Apparently, the domain controller (i.e.
iu-mssg-adsdc01) fails to authenticate the given user. I'd like to get
some clarifications:
1) Which OS version does the domain controller run?
2) What's the NetBIOS name (a.k.a. "flat" domain name) of ADS.IU.EDU domain?
3) Is the clock of your Solaris CIFS server sync'd with the clock of the
specified domain controller?
4) Did you enter the correct password of the given user (i.e.maburger)
when joining the domain? ;-)
5) Is "maburger" a valid user account in ADS.IU.EDU domain? ;-)
Try the following:
1) Run `ntpdate iu-mssg-adsdc01.ads.iu.edu`. Then, join the domain
using smbadm CLI.
2) If the above doesn't work, run `sharectl set -p lmauth_level=2 smb`.
Then, join the domain using smbadm CLI.
3) Run `kinit maburger` as root. Any errors?
Natalie
________________________________
_______________________________________________
cifs-discuss mailing list
[email protected]<mailto:[email protected]>
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
________________________________
_______________________________________________
cifs-discuss mailing list
[email protected]<mailto:[email protected]>
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
________________________________
_______________________________________________
cifs-discuss mailing list
[email protected]<mailto:[email protected]>
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
________________________________
_______________________________________________
cifs-discuss mailing list
[email protected]<mailto:[email protected]>
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
