Natalie Li wrote:
> Forwarding this to kerberos-discuss for investigation on the
> KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN error returned by a Windows 2008 SP2
> domain controller upon receipt of the KPASSWD request (RFC 3244).

Please provide krb-diag output from the affected client using the following instructions and script from:
http://opensolaris.org/os/project/kerberos/Debuggin

Shawn.
--
> -------- Original Message --------
> Subject: Re: [cifs-discuss] Joining 2008 AD domain
> Date: Thu, 24 Sep 2009 10:35:25 -0500
> From: Glenn Holmer <gholmer at weycogroup.com>
> Organization: Weyco Group, Inc.
> To: Natalie Li <Natalie.Li at Sun.COM>
> CC: Jason Russ <jruss at weycogroup.com>
> References: <1253637290.2972.4.camel at shadow>
> <4AB90B9C.9090804 at Sun.COM> <1253729096.4975.1.camel at shadow>
> <4ABA6A19.5080907 at Sun.COM> <1253732007.4975.11.camel at shadow>
> <4ABA7133.2080005 at Sun.COM> <4ABA9582.9020206 at Sun.COM>
>
> On Wed, 2009-09-23 at 14:39 -0700, Natalie Li wrote:
> > Could you please try running the kclient command to see if you are able
> > to join the domain?
> >
> > kclient -T ms_ad
> >
> > When prompted to remove the account, say no.
> >
> > Please provide me with the output of kclient and the network capture
> > between the domain controller and your OpenSolaris system while
> > running that command.
>
> When trying to run the kclient command, I discovered that SUNWkdc was
> not installed. I didn't know if that was related, so we tried the
> smbadm join command again first after installing that (it failed).
>
> The attached packet trace contains traffic from both the join attempt
> and the kclient command a few seconds later.
>
> --
> ____________________________________________________________
> Glenn Holmer gholmer at weycogroup.com
> Software Engineer phone: 414-908-1809
> Weyco Group, Inc. fax: 414-908-1601
>
> -------- Original Message --------
>
> Subject: [cifs-discuss] Joining 2008 AD domain
> Date: Tue, 22 Sep 2009 11:34:50 -0500
> From: Glenn Holmer <gholmer at weycogroup.com>
> Organization: Weyco Group, Inc.
> To: cifs-discuss at opensolaris.org
>
> We're having trouble joining an OpenSolaris box to an Active Directory
> running 2008 server SP2.
> We've carefully studied the documentation and
> upgraded to snv_123 based on our understanding of this issue:
>
> http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=6850508
>
> We have also set lmauth_level=2. But we get this result:
>
> Sep 22 10:47:24 shadow idmap[367]: [ID 658967 daemon.info] SMF refresh
> Sep 22 10:47:24 shadow idmap[367]: [ID 694198 daemon.notice] Configuration unchanged
> Sep 22 10:47:24 shadow smbd[405]: [ID 526780 daemon.notice] Failed to establish NETLOGON credential chain
> Sep 22 10:47:24 shadow smbd[405]: [ID 871254 daemon.error] smbd: failed joining WEYCOGROUP.LOCAL (UNSUCCESSFUL)
>
> Where can we look to find the error? I have the output of cifs-gendiag
> handy and can post it if necessary.
>
> --
> ____________________________________________________________
> Glenn Holmer gholmer at weycogroup.com
> Software Engineer phone: 414-908-1809
> Weyco Group, Inc. fax: 414-908-1601

--
Shawn.