I'll see what I can make of the msrpc.d script. As downloaded from OpenGrok, it dies with the following error (and I've not popped it open to look further yet):
dtrace: failed to compile script ./msrpc.d: line 171: 'pid0' does not contain a valid pid I'm willing to provide the cifs-gendiag output privately, yes. But I'm not authorized to put the contents of it on the internet in the form of an archived mailing list post attachment. (By the way, if anyone reading has a login for the genunix.org wiki, it could use the URL to cifs-chkcfg and cifs-gendiag getting an update...) I've poked at idmap a bit, without much success. I'm not 100% sure of what I should be doing with it though, as I don't think I've ever actually used it. As for smbadm, that's another tool I've not explored fully, but I'll see what I can do. FWIW, 'smbadm list' only shows one of the DCs. Is this normal, and is it potentially indicative of anything? Also, I tried using 'pfexec /usr/sbin/kclient -a myusername -T ms_ad' to see if that may shed light on the issue, and I got the following output: Starting client setup --------------------------------------------------- Setting up /etc/krb5/krb5.conf. Attempting to join 'MATT-OSOL' to the 'MPSMULTIMEDIA.COM' domain. Password for [email protected]: Forest name found: mpsmultimedia.com ldap_sasl_interactive_bind_s: Can't connect to the LDAP server - Connection refused Site name not found. Local DCs/GCs will not be discovered. Search for domain functionality failed, exiting. --------------------------------------------------- Setup FAILED. I have a Wireshark capture of that if it's useful. I don't see any flaws in the conversation, but I'm not a Kerberos and LDAP guru. :) (And again, I'm not able to provide that dump to the list as a whole, and its archives.) So, I'll poke at msrpc.d next, and read up a bit on idmap and smbadm to find out how to do "useful" things with them. :) Thanks, --Matt -- Matt Lewandowsky Greenviolet http://greenviolet.net/ ---------------------------------------- > Date: Tue, 5 Jan 2010 16:06:39 -0800 > From: [email protected] > Subject: Re: [cifs-discuss] CIFS server randomly ceased working > To: [email protected] > CC: [email protected] > > Dtrace could help identify the function that is unsuccessful and why > you are seeing the Bad Password error. The msrpc.d script might be > a good starting point. > > Are you comfortable providing cifs-gendiag output? > Are you able to map domain users manually using the idmap command? > Can add/remove domain users to/from local SMB groups using smbadm? > > Alan > > On 01/05/10 14:33, Matt Lewandowsky wrote: >> To follow up on my posts from yesterday, now we're seeing this behavior from >> all the OpenSolaris CIFS servers (running 111 through 129). I'm not seeing >> anything logged, aside from random cases of this: >> >> Jan 5 14:16:46 fileserv4 mountd[777]: [ID 589989 daemon.error] Could not >> find DNS entry for tcp >> >> Is this potentially a symptom of why all the OpenSolaris machines have >> stopped serving CIFS to domain users? >> >> Thanks again, >> >> --Matt >> >> -- >> Matt Lewandowsky >> Greenviolet >> http://greenviolet.net/ >> >> ---------------------------------------- >>> From: [email protected] >>> To: [email protected] >>> Date: Mon, 4 Jan 2010 18:00:12 -0800 >>> Subject: Re: [cifs-discuss] CIFS server randomly ceased working >>> >>> >>> I turned on *.debug, earlier, to no avail. I also tried restarting both >>> services (and a number of reboots...), also with no luck. >>> >>> Someone had recommended the dtrace scripts, but they don't seem terribly >>> useful (at least the one which started and produced any output...). And I'm >>> not big on kmdb... >>> >>> Also, I'm willing to try most things. But an upgrade's not in my agenda for >>> today. ;) >>> >>> --Matt >>> -- >>> Matt Lewandowsky >>> Greenviolet >>> http://greenviolet.net/ >>> >>> ---------------------------------------- >>>> Date: Mon, 4 Jan 2010 16:21:13 -0800 >>>> From: [email protected] >>>> Subject: Re: [cifs-discuss] CIFS server randomly ceased working >>>> To: [email protected] >>>> CC: [email protected] >>>> >>>> Turn on debug messages in your /etc/syslog.conf and see if you get any >>>> more information. Is idmap service working properly? One of the reasons >>>> CIFS logins could fail is when CIFS service cannot obtain all the >>>> required user/group mappings during login process. >>>> >>>> Since you've already attempted rejoining the domain you might want to >>>> also try restarting idmap and cifs services to see if it resolves your >>>> problem: >>>> >>>> # svcadm restart idmap >>>> # svcadm restart smb/server >>>> >>>> Afshin >>>> >>>> Matt Lewandowsky wrote: >>>>> Hello, >>>>> >>>>> I've been running 117 on a Windows 2000 domain for a while. (Like since >>>>> 117 came out. ;) ) Strangely, about 4 hours ago, users are no longer able >>>>> to connect to any of the shares on one of the servers. There's nothing >>>>> logged that I can find regarding these errors. Wireshark shows that the >>>>> CIFS service is returning a "Bad password" error. >>>>> >>>>> I have attempted rejoining the domain (the logs say the configuration is >>>>> unchanged), to no avail. And I am fairly certain that Kerberos is >>>>> configured properly, as I can get tickets for domain users on this system. >>>>> >>>>> There are no known (to me) configuration changes to any of the domain >>>>> controllers, nor the server with the CIFS shares. >>>>> >>>>> Does anyone have any suggestions as to how I can troubleshoot this, as >>>>> I'm totally at a loss. (And I have users freaking out. :P ) >>>>> >>>>> Thanks! >>>>> >>>>> --Matt >>>>> >>>>> -- >>>>> Matt Lewandowsky >>>>> Greenviolet >>>>> http://greenviolet.net/ > _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
