Drew,

I did the following:

I have Windows 2003R2 with the rfc2307 extensions installed.

The user named rona has a Windows account in the Active Directory and also has a
POSIX account enabled.
This means the user rona has a uid, uidNumber, gid, gecos,
UnixHomeDirectory, LoginShell etc. configured.

On the OpenSolaris machine named Filer I configured resolv.conf to point
to the Windows 2003 Server.
I configured Kerberos so I can authenticate using the Kerberos protocol.
To test it I ran the command kinit "[email protected]" or "kinit
Administrator" and this seems to work fine.
klist shows the active ticket.

Now I configured the LDAP client and the DNS client under svcadm to the
enabled state.
The LDAP client was configured using the ldapclient command so it could map
to the correct attributes in the AD.
It is mostly based on the parameters you can find here:
http://blog.scottlowe.org/2006/08/15/solaris-10-and-active-directory-integration/

After this I edited nsswitch.conf to include the ldap parameters only for
the passwd and shadow maps, and added dns to the hosts map.

In this step I checked to see if I could resolve users from the Active
Directory, so I ran the command 'getent passwd rona' and managed to get the
attributes from the Active Directory, so the LDAP client seems to work just
fine.
The id command also worked.
So now I configured pam.conf so users can log in to the machine using
Kerberos.
So now users from Active Directory can log in to the server using their
username and password stored in the Active Directory.

Now the hard part:

I added the machine to the Windows domain using the command '/usr/sbin/kclient
-T ms_ad' or 'smbadm join -u Administrator Domain'.
Join was added successfully with the DDNS option. I added the machine IP to
the DNS manually.

I have started the CIFS services and logged in to a Windows XP machine in the
domain using the user rona.

Now I try to connect to the OpenSolaris machine using CIFS after I have
created a ZFS share on one of my pools.

Then I see on the console that user rona is considered a guest.
I can't get to the share even though a popup window is asking for user and
password.

I tried everything and nothing seems to work. rona with password,
Domain\rona with password, DC\rona with password, but nothing is working.

So now I edited the idmap configuration but I don't know what to do here.
Even when creating a user map it is still not working.

Can you help?
Thanks
Sassy






On Tue, Dec 22, 2009 at 10:18 PM, Sassy Natan <[email protected]> wrote:

> Hi Drew
>
> See here:
>
> http://opensolaris.org/jive/thread.jspa?threadID=120461&tstart=0
>
> I still didn't manage to solve it :-(
>
> thank you
> Sassy
>
>
> On Tue, Dec 22, 2009 at 9:56 PM, Drew Balfour <[email protected]> wrote:
>
>> On 12/21/09 06:57 PM, Richard Elling wrote:
>>
>>  I have installed the latest version of OpenSolaris (version 129) on my
>>> machine.
>>> I have configured the DNS, Kerberos, PAM and LDAP client to use my Windows
>>> 2003R2 domain.
>>>
>>>  [...]
>>
>>  But this seems not to work. When checking the mapping I get an error: see
>>> below
>>>
>>>  [...]
>>
>>  #idmap show -cv rona@
>>> winname:rona@ -> uid:60001
>>> Error:  Not found
>>>
>> [...]
>>
>>  I ran cifs-gendiag and didn't see any problems
>>>
>>
>> Could you get us the output of the cifs-gendiag script? How you have idmap
>> configured is what I'd be interested in seeing.
>>
>> -Drew
>>
>
>