I'm trying to get an opensolaris server to authenticate off a Windows 2008 AD server. I initially set up everything as one domain, and it didn't work, now I'm trying to set up on a new domain. However, it seems like there are some old entries somewhere I can't find, pointing to the old domain.
Here's some output from /var/adm/messages when i start idmap: Jul 7 10:25:51 dsshare01 idmap[1492]: [ID 452674 daemon.info] change machine_sid=S-1-5-21-3983517302-1461505347-3134444232 Jul 7 10:25:51 dsshare01 idmap[1492]: [ID 452674 daemon.info] change default_domain=UAMHO.COM Jul 7 10:25:51 dsshare01 idmap[1492]: [ID 452674 daemon.info] change domain_name=UAMHO.COM Jul 7 10:25:51 dsshare01 idmap[1492]: [ID 673650 daemon.debug] Initial configuration loaded Jul 7 10:25:51 dsshare01 idmap[1492]: [ID 979816 daemon.debug] Querying DNS for SRV RRs named '_ldap._tcp.dc._msdcs' for 'UAMHO.COM' uamho.com is the old domain. Where do i specify the new one? I've set it up in my resolv.conf, as well as krb5.conf. I think this is causing my authentication issues, but it might be unrelated. The front problem is have is, when I try to join a domain, i get the following error: r...@dsshare01:~# smbadm join -u solarisuser de-ent.com After joining de-ent.com the smb service will be restarted automatically. Would you like to continue? [no]: yes Enter domain password: Joining de-ent.com ... this may take a minute ... Jul 7 10:31:22 dsshare01 smbd[432]: [ID 775558 daemon.debug] smb_door_srv_func: execute server routine(opcode=7) Jul 7 10:31:22 dsshare01 smbd[432]: [ID 702911 daemon.debug] msdcsLookupADS: de-entdc1.de-ent.com [10.93.208.65] Jul 7 10:31:22 dsshare01 smbd[432]: [ID 135458 daemon.debug] smbrdr: trying port 445 Jul 7 10:31:22 dsshare01 smbd[432]: [ID 508689 daemon.debug] smbrdr: connected on port 445 Jul 7 10:31:22 dsshare01 smbd[432]: [ID 434374 daemon.debug] smbrdr: connected port 445 Jul 7 10:31:22 dsshare01 smbd[432]: [ID 895027 daemon.debug] smbrdr: DE-ENTDC1: signing required Jul 7 10:31:22 dsshare01 smbd[432]: [ID 395423 daemon.debug] smbrdr_ntcreatex: 14 \lsarpc Jul 7 10:31:22 dsshare01 smbd[432]: [ID 528497 daemon.debug] SmbRdrNtCreate: fid=6 Jul 7 10:31:22 dsshare01 smbd[432]: [ID 395423 daemon.debug] smbrdr_ntcreatex: 14 \lsarpc Jul 7 10:31:22 dsshare01 smbd[432]: [ID 528497 daemon.debug] SmbRdrNtCreate: fid=32772 Jul 7 10:31:22 dsshare01 smbd[432]: [ID 395423 daemon.debug] smbrdr_ntcreatex: 14 \lsarpc Jul 7 10:31:22 dsshare01 smbd[432]: [ID 528497 daemon.debug] SmbRdrNtCreate: fid=11 Jul 7 10:31:22 dsshare01 smbd[432]: [ID 395423 daemon.debug] smbrdr_ntcreatex: 14 \lsarpc Jul 7 10:31:22 dsshare01 smbd[432]: [ID 528497 daemon.debug] SmbRdrNtCreate: fid=15 Jul 7 10:31:22 dsshare01 smbd[432]: [ID 395604 daemon.debug] Authenticated with Kerberos v5 failed to join de-ent.com: UNSUCCESSFUL Please refer to the system log for more information. r...@dsshare01:~# Jul 7 10:31:22 dsshare01 smbd[432]: [ID 504979 daemon.notice] ldap_add: Insufficient access Jul 7 10:31:22 dsshare01 smbd[432]: [ID 702911 daemon.notice] Failed to create the workstation trust account. Jul 7 10:31:22 dsshare01 smbd[432]: [ID 871254 daemon.error] smbd: failed joining de-ent.com (UNSUCCESSFUL) -- This message posted from opensolaris.org _______________________________________________ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss