On Fri, Apr 24, 2009 at 11:30:22AM -0400, Matt Feightner wrote:
> Anyway, the good news is that your settings are working!  I've not seen an
> interruption in share access for 23 hours since I made these changes.  I'll
> continue to monitor the situation, but for now it's looking very good!

Great.  I'll update the CR with this workaround.

> Please let me know if I can provide any further details, logs, etc to assist
> you.

Logs would help.  You can set the config/debug property (any type and
value will do), refresh the idmap service, and then the service's
logfile (see svcs -xv idmap) will get debug logs.  Don't forget to turn
off debug mode later (remove the property and refresh the service).

Also, I could use the results of running the script below (as you can
see it does a few LDAP searches).  You should kinit first, if you're
running it as yourself, else just run it as root.  Either way read the
script first.

Nico


#!/bin/ksh

PATH=/usr/bin

[[ $# -ne 2 ]] && {
        # We could borrow adjoin code to discover the forest name and
        # GCs, but this is a quick-n-dirty script
        print -u2 "Usage: $0 <forest-name> <GC-hostname>"
        exit 1
}

set -o noglob
OIFS=$IFS
IFS=

typeset -l forest GC
forest=$1
GC=$2

if [[ "$forest" = dc=* ]]
then
        forestdn=$forest
else
        # Convert DNS-style forest name to DN
        IFS=.
        set -- $forest
        IFS=
        forestdn=DC=$1
        shift
        while [[ $# -gt 0 ]]
        do
                forestdn=${forestdn},DC=$1
                shift
        done
fi

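function search {
        # Query the Global Catalog (port 3268) over GSSAPI without
        # chasing referrals (-R) or folding long lines (-T)
        typeset ds bdn scope filter

        ds=$1
        bdn=$2
        scope=$3
        filter=$4
        shift 4
        ldapsearch -h "$ds" -R -T -p 3268 -o mech=gssapi -o authzid= \
                -b "$bdn" -s "$scope" "$filter" "$@"
}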

print "GC ROOT DSE:"
search $GC $forestdn base ""
print -- ----

print "DOMAINS IN FOREST:"
IFS=$OIFS
search $GC "" base "(objectClass=*)" namingContexts|while read attr value
do
        [[ $attr = namingContexts: ]] || continue
        search $GC "$value" base '(objectclass=Domain)' dn
done
print -- ----

print "TRUSTS IN FOREST:"
search $GC CN=System,$forestdn sub \
        '(objectclass=trustedDomain)'
print -- ----

_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
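
The debug-logging steps described in the message above, written out as SMF commands. This is an added example, not part of the original post. The function names, the DRY_RUN switch, and the choice of a boolean property set to true are assumptions (the message says any type and value will do).

```shell
#!/bin/sh
# Added example: toggle idmap debug logging through SMF on Solaris/OpenSolaris.
# Assumed: the service is addressed as "idmap" and the property is created
# as "boolean: true". Set DRY_RUN=1 to print the commands instead of
# running them.

SVC=idmap
PROP=config/debug

# Run a command, or just print it when DRY_RUN is set (hypothetical helper)
run() {
        if [ -n "${DRY_RUN:-}" ]; then
                echo "$*"
        else
                "$@"
        fi
}

# Set the property, refresh so idmapd rereads its configuration, then
# show the service details, which include the path of its logfile.
idmap_debug_on() {
        run svccfg -s "$SVC" setprop "$PROP" = boolean: true &&
        run svcadm refresh "$SVC" &&
        run svcs -xv "$SVC"
}

# Remove the property and refresh again so debug mode does not stay on.
idmap_debug_off() {
        run svccfg -s "$SVC" delprop "$PROP" &&
        run svcadm refresh "$SVC"
}

# Usage: script on | script off   (no argument: only define the functions)
case "${1:-}" in
on)  idmap_debug_on ;;
off) idmap_debug_off ;;
esac
```

Run it as root with `on`, reproduce the problem, collect the logfile, then run it with `off`.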
