Hi Will, The SS7000 appliance kit is the customised OpenSolaris image that runs on the Sun Storage 7000 products (NAS box).
You can run the SS7000 appliance kit in VirtualBox as I am doing to simulate/test/demo the storage appliance. So you can call the SS7000 appliance kit a appliantized/productized implementation of OpenSolaris. They are obviously doing something quite different because this works perfectly on OpenSolaris 2009.06 I have followed this up with a feedback alias for the appliance kit and can see what comes of that. I will probably not consume your time further as they maybe doing something quite customised. Thanks for the offer to help though. Malcolm -----Original Message----- From: Will Fiveash [mailto:[email protected]] Sent: Thursday, 18 June 2009 3:32 AM To: Malcolm Gibbs Cc: Will Fiveash; Natalie Li; [email protected]; [email protected] Subject: Re: [kerberos-discuss] [cifs-discuss] SS7000 CIFS User unknownorinvalid user On Wed, Jun 17, 2009 at 09:27:01PM +1000, Malcolm Gibbs wrote: > Hi, > > Thanks for your help on this one. > > With that ticket loaded in the cache, I rejoined the domain (which I > could always do successfully) but idmap show still fails with "No AD > Servers" > > That service is disabled in the SS7000 appliance kit. Why (and what is the SS7000 app kit)? > Starting it clears that error on the kinit but has no effect on the > idmap failures. As expected. > fw02-2009Q2# svcs svc:/network/security/ktkt_warn > STATE STIME FMRI > disabled 9:25:32 svc:/network/security/ktkt_warn:default > > fw02-2009Q2# svcadm enable /network/security/ktkt_warn > > fw02-2009Q2# svcs svc:/network/security/ktkt_warn > STATE STIME FMRI > online 6:12:39 svc:/network/security/ktkt_warn:default > > fw02-2009Q2# idmap show -cv [email protected] > winname:[email protected] -> uid:60001 > Error: No AD servers > > That error has now gone on the kinit > fw02-2009Q2# kinit Administrator > Password for [email protected]: > > fw02-2009Q2# klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: [email protected] > > Valid starting Expires Service principal > 06/17/09 06:13:12 06/17/09 16:13:16 krbtgt/[email protected] > renew until 06/24/09 06:13:12 > > fw02-2009Q2# idmap show -cv [email protected] > winname:[email protected] -> uid:60001 > Error: No AD servers > > fw02-2009Q2# smbadm join -u administrator fishworks.com > After joining fishworks.com the smb service will be restarted > automatically. > Would you like to continue? [no]: yes > Enter domain password: > Joining fishworks.com ... this may take a minute ... > Successfully joined fishworks.com > > fw02-2009Q2# idmap show -cv [email protected] > winname:[email protected] -> uid:60001 > Error: No AD servers > > fw02-2009Q2# smbadm list > [*] [FISHWORKS] > [*] [fishworks.com] > [+win2008-01.fishworks.com] [192.168.56.20] > [*] [FISHWORKS] [S-1-5-21-424206279-106027690-574836047] > [.] [FW02-2009Q2] [S-1-5-21-2328018714-2221239836-2816574501] > > > I still get heaps of these in the debug log > > Jun 17 06:15:47 fw02-2009Q2 idmap[987]: [ID 702911 auth.notice] GSSAPI > Error: Unspecified GSS failure. Minor code may provide more information > (Preauthentication failed) > Jun 17 06:15:47 fw02-2009Q2 idmap[987]: [ID 706612 daemon.info] LDAP > SASL bind to win2008-01.fishworks.com:389 failed (Local error) A snoop of traffic for both the idmap and the smbadm join would be good as would the AD access/error logs for both. -- Will Fiveash Sun Microsystems Inc. http://opensolaris.org/os/project/kerberos/ _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
