On January 11, 2010 10:24:01 PM -0800 Jordan Brown <[email protected]>
wrote:
Whatever you do, (a) please keep us informed of the results and (b) I
suggest that you try to minimize the differences between where you'd like
to be and where you have to go to work around problems. We *do* want to
fix problems, and when we do fix them it'd be nice if you could migrate
back to your preferred configuration.
crud. Where I'd like to be (barring just a single domain) is to
have a root domain (FOO.COM) and two subdomains (BAR.FOO.COM and
BAZ.FOO.COM) in the FOO.COM forest. But that's not going to happen
since a single domain controller can only serve a single domain.
I'm not dedicating extra hardware to sit as a container for the
root domain, and I'm not happy enough with AD's handling of networking
to use a VM.
So I have BAR.FOO.COM and finally (what a headache) everything is
working like I had it with just FOO.COM except of course my AD domain
now matches my dns domain. Later on I can add BAZ.FOO.COM; it doesn't
appear that the naming of domains in the forest have to be related
in any way.
But now my b130 server has apparently gone tits up. Here is the log
from my last attempts on the old domain:
# smbadm join -u frank.cusack bar.foo.com
After joining bar.foo.com the smb service will be restarted automatically.
Would you like to continue? [no]: y
Enter domain password:
Joining bar.foo.com ... this may take a minute ...
failed to join bar.foo.com LOGON_FAILURE
Please refer to the system log for more information.
# tail /var/adm/messages
Jan 12 20:37:34 idmapd[1063]: [ID 944576 daemon.debug] DNS query for
'_ldap._tcp.dc._msdcs' for 'FOO.COM' failed (Unknown host)
Jan 12 20:37:34 idmapd[1063]: [ID 979816 daemon.debug] Querying DNS for SRV
RRs named '_ldap._tcp.dc._msdcs' for 'FOO.COM'
Jan 12 20:37:34 idmapd[1063]: [ID 944576 daemon.debug] DNS query for
'_ldap._tcp.dc._msdcs' for 'FOO.COM' failed (Unknown host)
Jan 12 20:37:34 idmapd[1063]: [ID 492908 daemon.debug] unable to discover
Domain Controller
Jan 12 20:37:34 idmapd[1063]: [ID 692716 daemon.debug] unable to discover
Forest Name
Jan 12 20:37:34 idmapd[1063]: [ID 966149 daemon.debug] unable to discover
Site Name
Jan 12 20:37:34 idmapd[1063]: [ID 520885 daemon.debug] unable to discover
Global Catalog
Jan 12 20:37:34 idmapd[1063]: [ID 638774 daemon.debug] unable to discover
Domains in the Forest
Jan 12 20:37:34 idmapd[1063]: [ID 767837 daemon.debug] unable to discover
Trusted Domains
Jan 12 20:37:34 idmapd[1063]: [ID 979816 daemon.debug] Querying DNS for SRV
RRs named '_ldap._tcp.dc._msdcs' for 'FOO.COM'
# date
Wednesday, January 13, 2010 12:08:15 AM EST
# man smbadm
# sharectl set -p lmauth_level=2 smb
lmauth_level: not defined
# sharectl set -p lmauth_level=4 smb
lmauth_level: not defined
# svcs smbd
svcs: Could not bind to repository server: repository server unavailable.
Exiting.
# svcs smb
svcs: Could not bind to repository server: repository server unavailable.
Exiting.
# svcs
svcs: Could not bind to repository server: repository server unavailable.
Exiting.
# reboot
Connection to fs1 closed by remote host.
Connection to fs1 closed.
Note that DNS services were up and running during this attempted join,
just as they were for earlier attempts that did work (with wrong fqdn).
And now, after a reboot and with my new AD config, I can't join
bar.foo.com and other mysterious errors:
# smbadm join -u frank.cusack bar.foo.com
After joining bar.foo.com the smb service will be restarted automatically.
Would you like to continue? [no]: y
Enter domain password:
Joining bar.foo.com ... this may take a minute ...
failed to join bar.foo.com: INTERNAL_ERROR
Please refer to the system log for more information.
(of course there is nothing in the system log)
# sharectl get -p lmauth_level smb
lmauth_level=2
# sharectl set -p lmauth_level=4 smb
# echo $?
0
# sharectl get -p lmauth_level smb
lmauth_level=2
And I also can't even view the manpage
# man sharectl
Reformatting page. Please Wait...nroff: cannot create temp file.
done
(other manpages work fine, truss doesn't indicate any errors, in fact
it shows creation of a temp file)
I'm giving up on opensolaris for now. It's proven itself too unreliable.
Even the installer is just a huge headache. I wouldn't mind so much
except that the zpool upgrade means I won't ever be able to use these
pools anywhere else (ie, s10) so I have no fallback plan in case of
some critical problem.
-frank
_______________________________________________
cifs-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
