According to both the syslog and the dtrace script, the domain join
operation failed since the kdc doesn't grant Kerberos TGT for the
specified user. It is most likely caused by misconfiguration in your
krb5.conf. Please modify your krb5.conf as indicated below and try again.
[libdefaults]
default_realm = uwhis.hosp.wisc.edu -> Should be default_realm =
UWHIS.HOSP.WISC.EDU
[realms]
uwhis.hosp.wisc.edu = { -> Should be UWHIS.HOSP.WISC.EDU = {
kdc = uwhis-ads01.uwhis.hosp.wisc.edu
admin_server = uwhis-ads01.uwhis.hosp.wisc.edu
kpasswd_server = uwhis-ads01.uwhis.hosp.wisc.edu
kpasswd_protocol = SET_CHANGE
}
[domain_realm]
.uwhis.hosp.wisc.edu = uwhis.hosp.wisc.edu -> Should be
.uwhis.hosp.wisc.edu = UWHIS.HOSP.WISC.EDU
-> Should also add uwhis-ads01.uwhis.hosp.wisc.edu = UWHIS.HOSP.WISC.EDU
The Kerberos realm should be upper-case as mentioned in CIFS admin guide.
Natalie
Richard Bruce wrote:
Natalie,
Thanks again for your help. My apologies for the delay. Attached is the
output you asked for. I am hoping that you can direct me to a boneheaded
configuration mistake that I have made somewhere along the line.
Richard
Please send us the output from the attached dtrace
script. Prior to
running smbadm join CLI, start the following in
another shell for
tracing the domain join operation:
./domainjoin_trace_krb5.d -p `pgrep smbd` | tee
trace.out
Also, the output from the following script:
http://opensolaris.org/os/project/cifs-server/files/ci
fs-gendiag
------------------------------------------------------------------------
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
