Since the second attempt didn't yield the same LOGON_FAILURE error, I'd safely assume that you have mis-typed the password for the first time. The log message "smb_ads_modify_computer: Insufficient access " indicates that user authentication succeeded but the ldap operations failled due to insufficient rights. Please join the domain with a domain admin account until the fix for CR 6764696 is available.
Natalie Jay Wineinger wrote: > Windows Server 2K3 > > Natalie Li wrote: >> Which OS version does your domain controller run? >> >> Natalie >> >> Jay Wineinger wrote: >>> Natalie, >>> jwineinger should be, but I cant double-check the AD at the >>> moment. I've tried with another account that I'm sure is in Domain >>> Admins with nearly the same result. The first attempt gave a >>> LOGON_FAILURE, which gave me hope (that I had just fat-fingered >>> something in the password), but subsequent attempts yielded the same >>> UNSUCCESSFUL message. >>> >>> Jay >>> >>> Natalie Li wrote: >>> >>>> If "jwineinger" is not a member of Domain Admins group, you have >>>> run into CR 6764696. In the meantime, please ask your domain >>>> administrator to join the domain for you. >>>> >>>> You can monitor the progress of this bug via bugs.opensolaris.org. >>>> >>>> Thanks, >>>> >>>> Natalie >>>> >>>> Jay Wineinger wrote: >>>> >>>>> Ok, I've updated. >>>>> >>>>> [EMAIL PROTECTED]:~# uname -a >>>>> SunOS FileSrv2 5.11 snv_101a i86pc i386 i86pc Solaris >>>>> >>>>> [EMAIL PROTECTED]:~# smbadm join -u jwineinger ematrixsports.net >>>>> This system is already a member of WORKGROUP. >>>>> Would you like to join the new domain? [no]: yes >>>>> Enter domain password: >>>>> Joining 'ematrixsports.net' ... this may take a minute ... >>>>> failed to join domain 'ematrixsports.net' (UNSUCCESSFUL) >>>>> >>>>> [EMAIL PROTECTED]:~# dmesg >>>>> <snip> >>>>> Nov 8 13:33:53 FileSrv2 idmap[692]: [ID 153168 daemon.notice] >>>>> Couldn't open and SASL bind LDAP connections to any domain >>>>> controllers; discovery of some items will fail >>>>> Nov 8 13:33:53 FileSrv2 last message repeated 3 times >>>>> Nov 8 13:41:48 FileSrv2 smbd[715]: [ID 362282 daemon.error] ads: >>>>> Retry kinit to acquire credential. >>>>> Nov 8 13:41:48 FileSrv2 smbd[715]: [ID 292509 daemon.error] >>>>> smb_ads_modify_computer: Insufficient access >>>>> Nov 8 13:41:48 FileSrv2 smbd[715]: [ID 871254 daemon.error] smbd: >>>>> failed joining ematrixsports.net (UNSUCCESSFUL) >>>>> >>>>> >>>>> >>>>> Afshin Salek wrote: >>>>> >>>>> >>>>>> Before anything, if it's possible for you I'd recommend to upgrade >>>>>> to the latest build available because 2008.05 is too old (as far >>>>>> as CIFS >>>>>> development is concerned) and many bugs have been fixed since then. >>>>>> >>>>>> Afshin >>>>>> >>>>>> Jay Wineinger wrote: >>>>>> >>>>>>> Hey all, I'm new to Solaris -- sorry if I sound like it. I just >>>>>>> installed 2008.05 onto a machine that I want to join to a >>>>>>> windows domain. Ill just show the steps I've followed trying to >>>>>>> get this working. >>>>>>> >>>>>>> Immediately after initial boot, I updated pkg according to >>>>>>> http://opensolaris.org/os/project/indiana/resources/relnotes/200805/x86/#Update_Inst >>>>>>> >>>>>>> >>>>>>> >>>>>>> I then started following >>>>>>> http://www.genunix2.org/wiki/index.php/Getting_Started_With_the_Solaris_CIFS_Service, >>>>>>> >>>>>>> starting with the section "How to Install the Solaris CIFS >>>>>>> Service Software (OpenSolaris)" and then "How to Join an AD >>>>>>> Domain". I dont (think i) need anything beyond ephemeral >>>>>>> mapping. To summarize: /etc/resolve.conf has proper domain, >>>>>>> search, and namerserver entries. /etc/nsswitch.conf has "host: >>>>>>> files dns", /etc/krb5/krb5.conf is setup just like >>>>>>> http://docs.sun.com/app/docs/doc/820-2429/configuredomainmodetask >>>>>>> except with my info substituted for example.com >>>>>>> <http://example.com>. >>>>>>> >>>>>>> All goes well until i try to join the domain with "smbadm join >>>>>>> -u myuser mydomain". It asks for my password, pauses for a >>>>>>> second or two and then returns with an UNSUCCESSFUL message. In >>>>>>> dmesg, I see >>>>>>> >>>>>>> Nov 7 13:41:32 FileSrv2 smbd[12699]: [ID 995127 daemon.error] >>>>>>> dyndns: UDP send error (Bad file number) >>>>>>> Nov 7 13:41:32 FileSrv2 smbd[12699]: [ID 342079 daemon.error] >>>>>>> smb_ads: send/receive error >>>>>>> Nov 7 13:41:34 FileSrv2 smbd[12699]: [ID 362282 daemon.error] >>>>>>> ads: Retry kinit to acquire credential. >>>>>>> Nov 7 13:41:34 FileSrv2 smbd[12699]: [ID 452752 daemon.error] >>>>>>> ads_modify_computer: Insufficient access >>>>>>> Nov 7 13:41:35 FileSrv2 smbd[12699]: [ID 871254 daemon.error] >>>>>>> smbd: failed joining ematrixsports.net >>>>>>> <http://ematrixsports.net> (UNSUCCESSFUL) >>>>>>> >>>>>>> So I tried debugging kerberos stuff. >>>>>>> # kinit jwineinger >>>>>>> Password for [EMAIL PROTECTED]: >>>>>>> # kinit -k >>>>>>> kinit(v5): Cannot resolve network address for KDC in requested >>>>>>> realm while getting initial credentials >>>>>>> >>>>>>> And for good measure, I downloaded the cifs-chkcfg script and >>>>>>> ran it. >>>>>>> # ./cifs-chkcfg >>>>>>> CIFS driver (smbsrv) is not loaded >>>>>>> try: modload -p smbsrv >>>>>>> # modload -p smbsrv >>>>>>> can't load module: No such file or directory >>>>>>> >>>>>>> So, in all honestly, I'm just thrashing around in the dark here, >>>>>>> but I'd love (and need) to get this system up and working on our >>>>>>> domain. I'm not sure what I'm missing. >>>>>>> >>>>>>> thanks for any help >>>>>>> Jay >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------------------ >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> cifs-discuss mailing list >>>>>>> [email protected] >>>>>>> http://mail.opensolaris.org/mailman/listinfo/cifs-discuss >>>>>>> >>>>> _______________________________________________ >>>>> cifs-discuss mailing list >>>>> [email protected] >>>>> http://mail.opensolaris.org/mailman/listinfo/cifs-discuss >>>>> >>> >>> _______________________________________________ >>> cifs-discuss mailing list >>> [email protected] >>> http://mail.opensolaris.org/mailman/listinfo/cifs-discuss >>> >> > _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
