r...@dsshare01:~# smbadm join -u solarisuser de-ent.com
Is "solarisuser" an AD user? If not, please try using a domain
administrator account to perform the domain join.
When joining a Windows 2008 domain, please refer to the following
troubleshooting guide:
http://wiki.genunix.org/wiki/index.php/CIFS_Service_Troubleshooting#Joining_a_Windows_2008_Domain
Regards,
Natalie
keegam wrote:
I'm trying to get an opensolaris server to authenticate off a Windows 2008 AD
server. I initially set up everything as one domain, and it didn't work, now
I'm trying to set up on a new domain. However, it seems like there are some old
entries somewhere I can't find, pointing to the old domain.
Here's some output from /var/adm/messages when i start idmap:
Jul 7 10:25:51 dsshare01 idmap[1492]: [ID 452674 daemon.info] change
machine_sid=S-1-5-21-3983517302-1461505347-3134444232
Jul 7 10:25:51 dsshare01 idmap[1492]: [ID 452674 daemon.info] change
default_domain=UAMHO.COM
Jul 7 10:25:51 dsshare01 idmap[1492]: [ID 452674 daemon.info] change
domain_name=UAMHO.COM
Jul 7 10:25:51 dsshare01 idmap[1492]: [ID 673650 daemon.debug] Initial
configuration loaded
Jul 7 10:25:51 dsshare01 idmap[1492]: [ID 979816 daemon.debug] Querying DNS for SRV RRs named '_ldap._tcp.dc._msdcs' for 'UAMHO.COM'
uamho.com is the old domain. Where do i specify the new one? I've set it up in
my resolv.conf, as well as krb5.conf.
I think this is causing my authentication issues, but it might be unrelated.
The front problem is have is, when I try to join a domain, i get the following
error:
r...@dsshare01:~# smbadm join -u solarisuser de-ent.com
After joining de-ent.com the smb service will be restarted automatically.
Would you like to continue? [no]: yes
Enter domain password:
Joining de-ent.com ... this may take a minute ...
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 775558 daemon.debug]
smb_door_srv_func: execute server routine(opcode=7)
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 702911 daemon.debug] msdcsLookupADS:
de-entdc1.de-ent.com [10.93.208.65]
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 135458 daemon.debug] smbrdr: trying
port 445
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 508689 daemon.debug] smbrdr: connected
on port 445
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 434374 daemon.debug] smbrdr: connected
port 445
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 895027 daemon.debug] smbrdr:
DE-ENTDC1: signing required
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 395423 daemon.debug] smbrdr_ntcreatex:
14 \lsarpc
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 528497 daemon.debug] SmbRdrNtCreate:
fid=6
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 395423 daemon.debug] smbrdr_ntcreatex:
14 \lsarpc
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 528497 daemon.debug] SmbRdrNtCreate:
fid=32772
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 395423 daemon.debug] smbrdr_ntcreatex:
14 \lsarpc
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 528497 daemon.debug] SmbRdrNtCreate:
fid=11
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 395423 daemon.debug] smbrdr_ntcreatex:
14 \lsarpc
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 528497 daemon.debug] SmbRdrNtCreate:
fid=15
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 395604 daemon.debug] Authenticated
with Kerberos v5
failed to join de-ent.com: UNSUCCESSFUL
Please refer to the system log for more information.
r...@dsshare01:~# Jul 7 10:31:22 dsshare01 smbd[432]: [ID 504979
daemon.notice] ldap_add: Insufficient access
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 702911 daemon.notice] Failed to create
the workstation trust account.
Jul 7 10:31:22 dsshare01 smbd[432]: [ID 871254 daemon.error] smbd: failed
joining de-ent.com (UNSUCCESSFUL)
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss