For help with an SS7000 product, you might want to consider
contacting Sun support. That product is a specialized
appliance and it has diagnostics that are not available in
OpenSolaris.
Alan
On 06/17/09 08:32, Will Fiveash wrote:
On Wed, Jun 17, 2009 at 09:27:01PM +1000, Malcolm Gibbs wrote:
Hi,
Thanks for your help on this one.
With that ticket loaded in the cache, I rejoined the domain (which I
could always do successfully) but idmap show still fails with "No AD
Servers"
That service is disabled in the SS7000 appliance kit.
Why (and what is the SS7000 app kit)?
Starting it clears that error on the kinit but has no effect on the
idmap failures.
As expected.
fw02-2009Q2# svcs svc:/network/security/ktkt_warn
STATE STIME FMRI
disabled 9:25:32 svc:/network/security/ktkt_warn:default
fw02-2009Q2# svcadm enable /network/security/ktkt_warn
fw02-2009Q2# svcs svc:/network/security/ktkt_warn
STATE STIME FMRI
online 6:12:39 svc:/network/security/ktkt_warn:default
fw02-2009Q2# idmap show -cv [email protected]
winname:[email protected] -> uid:60001
Error: No AD servers
That error has now gone on the kinit
fw02-2009Q2# kinit Administrator
Password for [email protected]:
fw02-2009Q2# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: [email protected]
Valid starting Expires Service principal
06/17/09 06:13:12 06/17/09 16:13:16 krbtgt/[email protected]
renew until 06/24/09 06:13:12
fw02-2009Q2# idmap show -cv [email protected]
winname:[email protected] -> uid:60001
Error: No AD servers
fw02-2009Q2# smbadm join -u administrator fishworks.com
After joining fishworks.com the smb service will be restarted
automatically.
Would you like to continue? [no]: yes
Enter domain password:
Joining fishworks.com ... this may take a minute ...
Successfully joined fishworks.com
fw02-2009Q2# idmap show -cv [email protected]
winname:[email protected] -> uid:60001
Error: No AD servers
fw02-2009Q2# smbadm list
[*] [FISHWORKS]
[*] [fishworks.com]
[+win2008-01.fishworks.com] [192.168.56.20]
[*] [FISHWORKS] [S-1-5-21-424206279-106027690-574836047]
[.] [FW02-2009Q2] [S-1-5-21-2328018714-2221239836-2816574501]
I still get heaps of these in the debug log
Jun 17 06:15:47 fw02-2009Q2 idmap[987]: [ID 702911 auth.notice] GSSAPI
Error: Unspecified GSS failure. Minor code may provide more information
(Preauthentication failed)
Jun 17 06:15:47 fw02-2009Q2 idmap[987]: [ID 706612 daemon.info] LDAP
SASL bind to win2008-01.fishworks.com:389 failed (Local error)
A snoop of traffic for both the idmap and the smbadm join would be good
as would the AD access/error logs for both.
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
