Ryan John wrote:
Hi Jordon,
-----Original Message-----
From: Jordan Brown [mailto:jordan.br...@oracle.com]
Sent: Wed 5/19/2010 9:03 PM
To: Ryan John
Cc: cifs-discuss@opensolaris.org
Subject: Re: [cifs-discuss] URGENT no users can access CIFS
John Ryan wrote:
I got around the initial problem, but I'd still be very interested to
find out what went wrong.
To get out of trouble, I first rebooted, and it seemed to work for a
while, but then after about an hour, all connection attemps failed,
and the logs were ful of idmap errors.
I then stopped idmap, renameded the idmap.db in /var/run/idmap, reset
my name mapping rules, and rebooted.
I didn't see any more idmap errors in the log.
Some of the CIFS folks can probably chime in on what
CANT_ACCESS_DOMAIN_INFO really means.
For idmap errors, I would look at /var/svc/log/system-idmap:default.log
and at /var/adm/messages.
The only errors I got in messages were: (lots of)
May 19 13:45:03 bs-ssvr05 smbd[553]: [ID 266262 daemon.error] NT
Authority\Anonymous: idmap failed
May 19 13:46:47 bs-ssvr05 smbd[553]: [ID 266262 daemon.error] D\ryanj: idmap
failed
May 19 13:47:28 bs-ssvr05 smbd[553]: [ID 266262 daemon.error] D\ryanj: idmap
failed
I would also enable idmap debugging by:
# svccfg -s idmap setprop config/debug = boolean: true
# svcadm refresh idmap
This is already like that. Again there was nothing unusual in
/var/svc/log/system-idmap:default.log
If the SMB server is having trouble talking to the domain controller, it
is no surprise that idmap is also having trouble.
There was no problem contacting the domain controller. I managed to rejoin the
domain several times.
There was an error contacting the domain in
/var/svc/log/system-idmap:default.log.0, but there are no timestamps in this
file for 7 days, so I don't know when it happened.
Not that it's directly relevant to your problem, but I've filed
6954307 Timestamp log entries
(Unfortunately, that will make reading the file more painful because the
lines will all get that much longer.)
Further digging, and I came across Bug 6907210 and wondered if I had hit this.
The reason is, the afternoon before, we had some changes to our LDAP schema, so
I changed some idmap name rules.
The "idmap failed" errors started at 15:00 that very afternoon.
Hmm. I'd have to do a bit of archeology to be sure, because I've
rewritten the logging code, but I believe that if you encounter that bug
you will get the "Database error" message shown in the CR:
Database error on /var/run/idmap/idmap.db while executing UPDATE
idmap_cache SET w2u = 0 WHERE sidprefix =
'S-1-5-21-3591674789-480817656-4239000414' AND rid = 500 AND w2u = 1 AND
pid >= 2147483648 AND is_user = 1; (columns sidprefix, rid, is_user, w2u
are not unique)
in /var/adm/messages.
I could only fix the problem by deleting and recreating the idmap database.
Right now this isn't ringing any bells. Are you back up?
Assuming you're back up, I recommend:
1) Upgrade to build 141 when it comes out. It should have some
significantly improved diagnostic capabilities for idmap.
2) If you encounter the failure again, save off /var/run/idmap/idmap.db
and /var/idmap/idmap.db for me to look at.
Regards
John
Regards
John
Ryan John wrote:
Hi,
I have an urgent problem.
None of our users can access our fileservers.
I get this in the error log:
smbd[12228]: [ID 653746 daemon.info] SmbLogon[D\ryanj]:
CANT_ACCESS_DOMAIN_INFO
This was working fine until yesterday.
I've tried rejoining the domain, which succeeded and restarting idmap
What else can I do?
I attach the output from gendiag
Thanks in advance
John Ryan
------------------------------------------------------------------------
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
