On 01/ 7/11 12:58 PM, keegam wrote:
Currently we have a sun server with a zfs pool, and our windows team manages
permissions and access to said pool via cifs.
Recently, and for an unknown reason, idmap is failing. No one has logged in to the
solaris server since well before the problems started, and the windows team is unaware of
any significant changes to the windows domain. Previously, windows administrators could
connect to and manage the solaris shares via windows MMC. When an admin tries to connect
via MMC, they get an error "You do not have access rights to Logical Disk Manager on
10.93.7.51"
Here is a snippet of /var/adm/messages:
Jan 7 15:56:10 dsshare01 smbd[1293]: [ID 395423 daemon.debug]
smbrdr_ntcreatex: 18 \netlogon
Jan 7 15:56:10 dsshare01 smbd[1293]: [ID 528497 daemon.debug] SmbRdrNtCreate:
fid=4
Jan 7 15:56:10 dsshare01 smbd[1293]: [ID 702911 daemon.debug] [0] 1327 (-9976)
Jan 7 15:56:10 dsshare01 smbd[1293]: [ID 266262 daemon.error]
DE-ENT\solarisuser: idmap failed
Jan 7 15:56:10 dsshare01 smbd[1293]: [ID 395423 daemon.debug]
smbrdr_ntcreatex: 18 \netlogon
Jan 7 15:56:10 dsshare01 smbd[1293]: [ID 528497 daemon.debug] SmbRdrNtCreate:
fid=49166
Jan 7 15:56:10 dsshare01 smbd[1293]: [ID 702911 daemon.debug] [0] 1327 (-9976)
Jan 7 15:56:10 dsshare01 smbd[1293]: [ID 266262 daemon.error]
DE-ENT\solarisuser: idmap failed
solarisuser is the user i'm trying to connect via MMC. It is also the user that
i joined the domain with. The account is enabled and functioning properly (it
is not locked out.)
Here is what I've done to troubleshoot:
- delete /var/idmap/idmap.db and /var/run/idmap/idmap.db; restart idmap/smb
services
- reboot
- re-join the domain (which works successfully)
When i do an idmap dump -n I see a bunch of windows users as expected.
There was a problem like this a while ago and this was one way to
correct it. I think this was resolved and I haven't seen it in a
long time.
If you are using something older than Solaris Express that might
be worth consideration.
Alan
_______________________________________________
cifs-discuss mailing list
cifs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
