On 01/05/10 17:42, Matt Lewandowsky wrote:
Doh. I feel like something of an idiot. I forgot that smbadm needs to run as root.
m...@matt-osol:~$ pfexec smbadm add-member -m MPSMULTIMEDIA/administrator administrators
'MPSMULTIMEDIA/administrator' is now a member of 'administrators'
So, this should mean that things should be working, right?
This doesn't help with user authentication but it means that you
can communicate with the DC using the IPC$ share and interact with
the Server Service on that system. This is a useful data point.
Send me the cifs-gendiag and msrpc.d output (privately is fine)
and I'll take a look at it.
Alan
--Matt
--
Matt Lewandowsky
Greenviolet
http://greenviolet.net/
----------------------------------------
From: [email protected]
To: [email protected]
Date: Tue, 5 Jan 2010 17:26:42 -0800
CC: [email protected]
Subject: Re: [cifs-discuss] CIFS server randomly ceased working
That is one of the genunix pages I had in mind, yes. However the links provided
did not survive the transition to Xwiki. I think I mailed website-discuss about
file downloads not being rewritten at one point, back around the time of the
transition.
I somehow forgot the 'd' at the end of 'smbd' while invoking the script. Now it
gives:
541 m...@fileserv4$ pfexec ./msrpc.d -p `pgrep smbd`
dtrace: failed to compile script ./msrpc.d: line 423: probe description
pid940::ndr_clnt_get_frag:entry does not match any probes
There is one smbd running, with a pid 940. Is it advisable to remove the
ndr_clnt_get_frag bits?
And with your helpful examples, I have the following output. (I had already
figured out idmap show, though. :) )
545 m...@fileserv4$ idmap show -c Domain\ [email protected]
wingroup:Domain [email protected] -> gid:2147483650
m...@matt-osol:~$ smbadm add-member -m MPSMULTIMEDIA/administrator
administrators
failed to add MPSMULTIMEDIA/administrator (failed inserting the domain SID)
m...@matt-osol:~$ smbadm show -m
administrators (Members can fully administer the computer/domain)
SID: S-1-5-32-544
No members
backup operators (Members can bypass file security to back up files)
SID: S-1-5-32-551
No members
power users (Members can share directories)
SID: S-1-5-32-547
No members
I've rejoined the domain a number of times (with no errors, and the logs saying
the configuration is unchanged) since this issue started using smbadm. That's
why I was looking at kclient.
Is it possible to somehow get more diagnostic info out of smbadm?
--Matt
--
Matt Lewandowsky
Greenviolet
http://greenviolet.net/
----------------------------------------
Date: Tue, 5 Jan 2010 17:08:19 -0800
From: [email protected]
Subject: Re: [cifs-discuss] CIFS server randomly ceased working
To: [email protected]
CC: [email protected]
The script should be available here:
http://wiki.genunix.org/wiki/index.php/Solaris_CIFS_Service_Troubleshooting
msrpc.d is available here:
http://src.opensolaris.org/source/xref/onnv/onnv-gate/usr/src/cmd/smbsrv/dtrace/msrpc.d
dtrace: failed to compile script ./msrpc.d: line 171: 'pid0'
does not contain a valid pid
How are you running the script?
I've poked at idmap a bit, without much success...
bash# idmap show -c 'domain [email protected]'
wingroup:domain [email protected] -> gid:2147483650
As for smbadm, that's another tool I've not explored fully,
bash# smbadm add-member -m DOMAIN/administrator administrators
'...' is now a member of 'administrators'
bash# smbadm show -m
administrators (Members can fully administer the computer/domain)
SID: S-1-5-32-544
Members:
DOMAIN\Administrator
FWIW, 'smbadm list' only shows one of the DCs. Is this normal,
and is it potentially indicative of anything?
This is normal. It's showing the currently selected DC.
You should see all your domains (local, primary and trusted).
Also, I tried using 'pfexec /usr/sbin/kclient -a myusername -T ms_ad'
Given that you're having problems I'd recommend using smbadm to
manage domain membership. Can you successfully join the domain
using smbadm?
bash# smbadm join -u administrator domain
Alan
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
