Spoke too soon.... here's the dmesg detail: Apr 22 14:31:28 dev-cask idmap[2639]: [ID 873961 daemon.info] change global_catalog=dev-vmbwdc1.bourbon.liquor.dev port=3268 Apr 22 14:31:28 dev-cask idmap[2639]: [ID 873961 daemon.info] change global_catalog=dev-vmbstopdc1.bstop.liquor.dev port=3268 Apr 22 14:31:28 dev-cask idmap[2639]: [ID 873961 daemon.info] change global_catalog=dev-vmfrdc1.liquor.dev port=3268 Apr 22 14:31:28 dev-cask idmap[2639]: [ID 452674 daemon.info] change domains_in_forest=liquor.dev All looks ok here. But 10 minutes later.... Apr 22 14:41:29 dev-cask idmap[2639]: [ID 873961 daemon.info] change global_catalog=dev-vmbstopdc1.bstop.liquor.dev port=3268 Apr 22 14:41:29 dev-cask idmap[2639]: [ID 873961 daemon.info] change global_catalog=dev-vmfrdc1.liquor.dev port=3268 Apr 22 14:41:29 dev-cask idmap[2639]: [ID 873961 daemon.info] change global_catalog=dev-vmbwdc1.bourbon.liquor.dev port=3268 Apr 22 14:41:29 dev-cask idmap[2639]: [ID 452674 daemon.info] change domains_in_forest=bstop.liquor.dev
We're back to this incorrect listing of bstop as forest root. On Wed, Apr 22, 2009 at 10:42 AM, Matt Feightner <[email protected]>wrote: > Nico, > > That missing trust may have been an issue. Now I'm getting the following > in dmesg: > change domains_in_forest=liquor.dev > > whereas before, we were seeing that line listed as: > change domains_in_forest=bstop.liquor.dev > > Also 'idmap show' commands are also working now. > > I'll continue testing share access thru today, and post my findings > tomorrow. > > Thanks again, > MattF > > > > > On Wed, Apr 22, 2009 at 10:08 AM, Matt Feightner <[email protected]>wrote: > >> Nico, >> >> Yes, still getting intermittent share access failures. >> >> Yes, both dev-vmbwdc1 and dev-vmfrdc1 are reachable from all subnets of >> DevPRV. >> >> 'Normally all domains in a forest trust each other.' - I will add a >> reciprocal trust between bstop and bourbon to make it consistent throughout >> the forest, just to see if that has any effect. >> >> Thanks, >> MattF >> >> >> >> >> On Tue, Apr 21, 2009 at 6:17 PM, Nicolas Williams < >> [email protected]> wrote: >> >>> On Tue, Apr 21, 2009 at 10:10:59PM +0000, [email protected] wrote: >>> > Nico, I've had a look at the domain and site configuration. I think all >>> > looks ok, except there are some domain trust relationships that are not >>> > uniform throughout the environment. >>> > >>> > Here's the info, does anything stick out at you that I may have missed? >>> > >>> > Forest root: liquor.dev >>> > - DC: dev-vmfrdc1 >>> > Child domain: bstop.liquor.dev >>> > - DC: dev-vmbstopdc1 >>> > Child domain: scotch.liquor.dev >>> > - DC: dev-vmswdc1 >>> > Child domain: bourbon.liquor.dev >>> > - DC: dev-vmbwdc1 >>> > >>> > - Two-way trusts between liquor.dev and all children >>> > - Two-way trusts between bourbon and scotch >>> > - bstop trusts bourbon but no reciprocal trust...-? >>> >>> Normally all domains in a forest trust each other. Explicit trusts are >>> useful for providing cross-realm Kerberos V short-cuts, mostly. >>> >>> > Sites: 1. Default-First-Site-Name >>> > - DC: dev-vmbstopdc1 (bstop.liquor.dev) >>> > >>> > 2. DevPRV >>> > - DC: dev-vmbwdc1 (bourbon.liquor.dev) >>> > - DC: dev-vmfrdc1 (liquor.dev) >>> >>> And both dev-vmbwdc1 and dev-vmfrdc1 are reachable from all subnets of >>> DevPRV? >>> >>> > 3. DevDMZ >>> > - DC: dev-vmswdc1 (scotch.liquor.dev) >>> > >>> > All 4 DCs are Global Catalog servers. >>> > >>> > One other thing I noticed: domain functional level is Windows 2003 for >>> all >>> > domains except bstop.liquor.dev, which is 2000 mixed. Not sure if this >>> > would make any difference for CIFS. >>> >>> I don't think so. >>> >>> > Thank you for your assistance -- I really appreciate it! >>> >>> One thing I'm not clear on: are things still not working? >>> >>> Nico >>> -- >>> >> >> >
_______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
