For help with an SS7000 product, you might want to consider
contacting Sun support.  That product is a specialized
appliance and it has diagnostics that are not available in
OpenSolaris.

Alan

On 06/17/09 08:32, Will Fiveash wrote:
> On Wed, Jun 17, 2009 at 09:27:01PM +1000, Malcolm Gibbs wrote:
>> Hi,
>>
>> Thanks for your help on this one.
>>
>> With that ticket loaded in the cache, I rejoined the domain (which I
>> could always do successfully) but idmap show still fails with "No AD
>> Servers"
>>
>> That service is disabled in the SS7000 appliance kit.
> 
> Why (and what is the SS7000 app kit)?
> 
>> Starting it clears that error on the kinit but has no effect on the
>> idmap failures.
> 
> As expected.
> 
>> fw02-2009Q2# svcs svc:/network/security/ktkt_warn
>> STATE          STIME    FMRI
>> disabled        9:25:32 svc:/network/security/ktkt_warn:default
>>
>> fw02-2009Q2# svcadm enable /network/security/ktkt_warn
>>
>> fw02-2009Q2# svcs svc:/network/security/ktkt_warn
>> STATE          STIME    FMRI
>> online          6:12:39 svc:/network/security/ktkt_warn:default
>>
>> fw02-2009Q2# idmap show -cv malcolm at fishworks.com
>> winname:malcolm at fishworks.com -> uid:60001
>> Error:  No AD servers
>>
>> That error has now gone on the kinit
>> fw02-2009Q2# kinit Administrator
>> Password for Administrator at FISHWORKS.COM:
>>
>> fw02-2009Q2# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: Administrator at FISHWORKS.COM
>>
>> Valid starting                Expires                Service principal
>> 06/17/09 06:13:12  06/17/09 16:13:16  krbtgt/FISHWORKS.COM at FISHWORKS.COM
>>         renew until 06/24/09 06:13:12
>>
>> fw02-2009Q2# idmap show -cv malcolm at fishworks.com
>> winname:malcolm at fishworks.com -> uid:60001
>> Error:  No AD servers
>>
>> fw02-2009Q2# smbadm join -u administrator fishworks.com
>> After joining fishworks.com the smb service will be restarted
>> automatically.
>> Would you like to continue? [no]: yes
>> Enter domain password:
>> Joining fishworks.com ... this may take a minute ...
>> Successfully joined fishworks.com
>>
>> fw02-2009Q2# idmap show -cv malcolm at fishworks.com
>> winname:malcolm at fishworks.com -> uid:60001
>> Error:  No AD servers
>>
>> fw02-2009Q2# smbadm list
>> [*] [FISHWORKS]
>> [*] [fishworks.com]
>>         [+win2008-01.fishworks.com] [192.168.56.20]
>> [*] [FISHWORKS] [S-1-5-21-424206279-106027690-574836047]
>> [.] [FW02-2009Q2] [S-1-5-21-2328018714-2221239836-2816574501]
>>
>>
>> I still get heaps of these in the debug log
>>
>> Jun 17 06:15:47 fw02-2009Q2 idmap[987]: [ID 702911 auth.notice] GSSAPI
>> Error: Unspecified GSS failure.  Minor code may provide more information
>> (Preauthentication failed)
>> Jun 17 06:15:47 fw02-2009Q2 idmap[987]: [ID 706612 daemon.info] LDAP
>> SASL bind to win2008-01.fishworks.com:389 failed (Local error)
> 
> A snoop of traffic for both the idmap and the smbadm join would be good
> as would the AD access/error logs for both.
> 

