Hi,
Thanks for your quick response.
Currently, Kerberos is required
- to join the domain if the system needs to create a machine
account on a domain controller
In one of opensolaris test box where CIFS with AD Domain mode is
configured. I disable the idmap & smb/server. Deleted the corresponding
computer object for my solaris box.
Renamed /etc/krb5/krb5.conf to some junk name. Now enable the idmap &
smb/server, tried to bind to AD which went successfully and created a new
computer object for box.
Without /etc/krb5/krb5.conf file, smbadm command has created a machine
acccount with kerbereos trust delegation enabled. Sorry if I am silly. I am
trying to understand its need perfectly.
Have you configured the WINS service on your domain controller?
Yes, its configured.
Have you configured all of your systems to use WINS or are some using NetBIOS
broadcast?
All the system uses WINS but as a fallback the NetBIOS broadcast is not
restricted in my network.
Can you provide an example of something that is not working?
In one of my solaris box, I have enabled the debug logging, where I
noticed few lines as follows:
Mar 23 09:16:04 test01 smbd[369]: [ID 715231 daemon.debug] smb browser: master
browser found at 192.168.0.199
Mar 23 09:16:04 test01 smbd[369]: [ID 484797 daemon.debug] smb browser: domain
master browser for SASKEN is 192.168.5.100
SMB is doing a netbios broadcast to find browser eventhough I have set
smbd/wins_server_1 & smbd/wins_server_2 parameters.
To do a cross check, I have connected both WINS servers and lauch the
WINS console, and did a query for all active registrations, where I am not able
to find a entry for my opensolaris box.
Thanks,
M.Chidambaram.
-----Original Message-----
From: alan.m.wri...@sun.com [mailto:alan.m.wri...@sun.com] On Behalf Of Alan M
Wright
Sent: Tuesday, March 23, 2010 12:20 PM
To: Chidambaram Muthu
Cc: cifs-discuss@opensolaris.org
Subject: Re: [cifs-discuss] Purpose of configuring /etc/krb5/krb5.conf
On 03/22/10 11:11 PM, Chidambaram Muthu wrote:
> Hi,
>
> I am using opensolaris of build 122& 132 for domain mode CIFS shares.
> In some I have not configured /etc/krb5/krb5.conf file and not set any >
> parameters except wins server for example not set domain, or domain >
> controller.. since we have only one domain. All the informations are > get
> collected from DNS and works perfectly.
> I am just trying to understand, why configuration /etc/krb5/krb5.conf >
> file is required and what will happen if I miss it.
Currently, Kerberos is required
- to join the domain if the system needs to create a machine
account on a domain controller
- if your domain requires secure DNS and you have enabled
dynamic DNS updates
- to perform ID mapping, which is generally required in order
to access shares as a domain user
> Secondly, I have configure smbd/wins_server_1 and smbd/wins_server_2, > not
> able to find a entry for my opensolaris box but where are windows > server
> and pc's are are available.
Have you configured the WINS service on your domain controller?
Have you configured all of your systems to use WINS or are some using NetBIOS
broadcast?
Can you provide an example of something that is not working?
Alan
SASKEN BUSINESS DISCLAIMER: This message may contain confidential, proprietary
or legally privileged information. In case you are not the original intended
Recipient of the message, you must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message and you are requested to
delete it and inform the sender. Any views expressed in this message are those
of the individual sender unless otherwise stated. Nothing contained in this
message shall be construed as an offer or acceptance of any offer by Sasken
Communication Technologies Limited ("Sasken") unless sent with that express
intent and with due authority of Sasken. Sasken has taken enough precautions to
prevent the spread of viruses. However the company accepts no liability for any
damage caused by any virus transmitted by this email.
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
