On Fri, Oct 31, 2008 at 11:54:39AM -0700, Richard Bruce wrote: > # smbadm join -u ali uwhis.hosp.wisc.edu > This operation requires that the service be restarted. > Would you like to continue? [no]: yes > Enter domain password: > Joining 'uwhis.hosp.wisc.edu' ... this may take a minute ... > failed to join domain 'uwhis.hosp.wisc.edu' (UNSUCCESSFUL)
I think someone from the CIFS team will send you a script to try to find out what went wrong, but it's seems likely that you don't have the authorization to create machine accounts, so do check that first (and if that's the problem then either get a domain administrator to do this for you or to grant you the authorization to do it; alternatively, if you have access to a domain admin account, then use it). (There's a bug in smbadm join in that it tries to set the trusted-for-delegation flag for the new machine account, and you may have authorization to create machine accounts, but not to set that flag.) > This leads me to think that the problem is with LDAP. Here is the > output from "ldapclient" when trying to get it configured: ldapclient(1M) is something you'd use if you're: a) using a directory server with RFC2307 schema for name service, or b) using Active Directory with schema mapping for name service via nss_ldap. > # ldapclient -v init 10.101.1.50 That's not going to work -- you'd need to specify schema mapping (yes, that should be auto-detected, but it isn't yet). > Questions: 1) Why does LDAP need an nisDomainObject when we are not > running NIS? 2) Do I have to add the nisDomainObject to the AD before > I can get the LDAP client running? If so, where specifically does > this need to be added? 1) Because this is the "native LDAP client" we're talking about; see RFC2307. 2) No. If you want to use nss_ldap against AD you need to setup schema mapping. See: http://www.sun.com/bigadmin/features/articles/kerberos_s10.pdf Nico -- _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
