Doh. I feel like something of an idiot. I forgot that smbadm needs to run as root.
m...@matt-osol:~$ pfexec smbadm add-member -m MPSMULTIMEDIA/administrator administrators 'MPSMULTIMEDIA/administrator' is now a member of 'administrators' So, this should mean that things should be working, right? --Matt -- Matt Lewandowsky Greenviolet http://greenviolet.net/ ---------------------------------------- > From: [email protected] > To: [email protected] > Date: Tue, 5 Jan 2010 17:26:42 -0800 > CC: [email protected] > Subject: Re: [cifs-discuss] CIFS server randomly ceased working > > > That is one of the genunix pages I had in mind, yes. However the links > provided did not survive the transition to Xwiki. I think I mailed > website-discuss about file downloads not being rewritten at one point, back > around the time of the transition. > > I somehow forgot the 'd' at the end of 'smbd' while invoking the script. Now > it gives: > > 541 m...@fileserv4$ pfexec ./msrpc.d -p `pgrep smbd` > dtrace: failed to compile script ./msrpc.d: line 423: probe description > pid940::ndr_clnt_get_frag:entry does not match any probes > > There is one smbd running, with a pid 940. Is it advisable to remove the > ndr_clnt_get_frag bits? > > And with your helpful examples, I have the following output. (I had already > figured out idmap show, though. :) ) > > 545 m...@fileserv4$ idmap show -c Domain\ [email protected] > wingroup:Domain [email protected] -> gid:2147483650 > > m...@matt-osol:~$ smbadm add-member -m MPSMULTIMEDIA/administrator > administrators > failed to add MPSMULTIMEDIA/administrator (failed inserting the domain SID) > m...@matt-osol:~$ smbadm show -m > administrators (Members can fully administer the computer/domain) > SID: S-1-5-32-544 > No members > backup operators (Members can bypass file security to back up files) > SID: S-1-5-32-551 > No members > power users (Members can share directories) > SID: S-1-5-32-547 > No members > > I've rejoined the domain a number of times (with no errors, and the logs > saying the configuration is unchanged) since this issue started using smbadm. > That's why I was looking at kclient. > > Is it possible to somehow get more diagnostic info out of smbadm? > > --Matt > > -- > Matt Lewandowsky > Greenviolet > http://greenviolet.net/ > > ---------------------------------------- >> Date: Tue, 5 Jan 2010 17:08:19 -0800 >> From: [email protected] >> Subject: Re: [cifs-discuss] CIFS server randomly ceased working >> To: [email protected] >> CC: [email protected] >> >> The script should be available here: >> http://wiki.genunix.org/wiki/index.php/Solaris_CIFS_Service_Troubleshooting >> >> msrpc.d is available here: >> http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/smbsrv/dtrace/msrpc.d >> >>> dtrace: failed to compile script ./msrpc.d: line 171: 'pid0' >>> does not contain a valid pid >> >> How are you running the script? >> >>> I've poked at idmap a bit, without much success... >> >> bash# idmap show -c 'domain [email protected]' >> wingroup:domain [email protected] -> gid:2147483650 >> >>> As for smbadm, that's another tool I've not explored fully, >> >> bash# smbadm add-member -m DOMAIN/administrator administrators >> '...' is now a member of 'administrators' >> >> bash# smbadm show -m >> administrators (Members can fully administer the computer/domain) >> SID: S-1-5-32-544 >> Members: >> DOMAIN\Administrator >> >>> FWIW, 'smbadm list' only shows one of the DCs. Is this normal, >>> and is it potentially indicative of anything? >> >> This is normal. It's showing the currently selected DC. >> You should see all your domains (local, primary and trusted). >> >>> Also, I tried using 'pfexec /usr/sbin/kclient -a myusername -T ms_ad' >> >> Given that you're having problems I'd recommend using smbadm to >> manage domain membership. Can you successfully join the domain >> using smbadm? >> >> bash# smbadm join -u administrator domain >> >> Alan > > _______________________________________________ > cifs-discuss mailing list > [email protected] > http://mail.opensolaris.org/mailman/listinfo/cifs-discuss _______________________________________________ cifs-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
