Ross Smith wrote: > It's not quite the same any more though Natalie, the CIFS admin guide > recommends having these two lines in krb5.conf: > kpasswd_server = dc.example.com > kpasswd_protocol = SET_CHANGE > The configuration of the kpasswd_server is a requirement for joining a domain with multiple domain controllers. If you only have one domain controller, the kpasswd_server can be omitted. > When I first started playing with CIFS (very early builds, 78 or so > from memory) I'm pretty sure I got CIFS working without those, in > later builds (91 onwards) they were definitely needed. Now however, > with build 103, I had to remove those lines before I could join the > domain. > > It's really strange. If you don't configure kpasswd_protocol, RPCSEC_GSS will be used. The Kerberos set/change password protocol (i.e. SET_CHANGE) is what you need for changing the machine password stored on Microsoft Active Directory. Are we talking about an AD domain? Is it a single or multiple DC environment?
Could you send us the following network traces? 1) with kpasswd_server and kpasswd_protocol set in krb5.conf First join your system to a workgroup. Then, Join your system to a domain. 2) w/o the above 2 lines in krb5.conf First join your system to a workgroup. Then, Join your system to a domain. Thanks, Natalie > Ross > _______________________________________________ > cifs-discuss mailing list > [email protected] > http://mail.opensolaris.org/mailman/listinfo/cifs-discuss > _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
