Re: [OpenIndiana-discuss] Mount NTFS USB under OmniOS
Wow, cool. I thought this area has stalled in OI. Thank you for your efforts. I spend my spare time on JDS/Gnome for now (nearly completed task).

___
OpenIndiana-discuss mailing list
OpenIndiana-discuss@openindiana.org
http://openindiana.org/mailman/listinfo/openindiana-discuss
Re: [OpenIndiana-discuss] Joining an Active Directory Domain with smbadm
On 01/03/13 11:13, Peter Tripp wrote:
> This is just to follow up, I finally busted out Wireshark to catch the DNS
> request it was making and it became abundantly clear what was causing my
> 'err=61' condition, it was an nsswitch.conf issue. smbadm was looking for
> ad1.univ.edu instead of ad1.dept.univ.edu.
>
> nsswitch domain: dept.univ.edu
> nsswitch search domain: univ.edu
> ad domain: dept.univ.edu
> ad controller: ad1.dept.univ.edu

nsswitch.conf doesn't have domains or specify anything about DNS internal operation, but resolv.conf does. I suspect you might mean the latter.

> The following DNS query would fail: ad1.univ.edu
>
> Although it would properly look up the domain controller based on my DNS
> records, it would truncate to the domain component (ad1) and then add that to
> my search domain (univ.edu) instead of just using the SRV record unmolested
> (ad1.dept.univ.edu). So if you run into err 61 when using smbadm, check and
> make sure both your domain and your search domain match the AD domain you're
> trying to join.

As the resolv.conf(4) man page says:

    The domain and search keywords are mutually exclusive. If more than
    one instance of these keywords is present, the last instance takes
    precedence.

In other words, if you specify one, you probably should not be specifying the other.

(Historically, there was a reason to specify both, but it was pretty narrow. If you ran software using ancient resolvers that didn't understand the "search" keyword, and if you had two or more items in the search list, then a plausible work-around would be to specify 'domain' first just for those old resolvers, and then a full 'search' list [always including the specified 'domain' as well] for the newer ones. Of course, I don't think you'll encounter such software on OpenIndiana, so the point is moot. Just say "search" and be done with it.)

--
James Carlson         42.703N 71.076W
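
The resolv.conf(4) rule quoted in the reply above, worked through as an added example (not code from the thread, from smbadm, or from the illumos resolver). It is a simplified model of a stub resolver's search-list handling; the function names are hypothetical, and the sample file is constructed from the values Peter listed, with the `domain` line assumed to come before the `search` line.

```python
# Added illustration of the resolv.conf(4) rule quoted above; not illumos
# resolver code. Sample file contents below are constructed.

def effective_search(resolv_conf: str) -> list[str]:
    """Search list after applying 'last domain/search instance wins'."""
    search: list[str] = []
    for line in resolv_conf.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0][0] in "#;":
            continue
        if fields[0] == "domain":
            search = [fields[1].rstrip(".").lower()]
        elif fields[0] == "search":
            search = [d.rstrip(".").lower() for d in fields[1:]]
    return search


def candidates(name: str, search: list[str], ndots: int = 1) -> list[str]:
    """Names a stub resolver tries, in order, for `name`."""
    name = name.lower()
    if name.endswith("."):  # already fully qualified: no search list
        return [name.rstrip(".")]
    expanded = [f"{name}.{d}" for d in search]
    # With at least `ndots` dots the name is tried as-is first, else last.
    return [name] + expanded if name.count(".") >= ndots else expanded + [name]


def check_join(resolv_conf: str, ad_domain: str, dc_short: str) -> list[str]:
    """Warnings for a resolv.conf that can misdirect a short DC name."""
    warnings = []
    keywords = {l.split()[0] for l in resolv_conf.splitlines() if l.split()}
    if {"domain", "search"} <= keywords:
        warnings.append("both 'domain' and 'search' set; only the last is used")
    first = candidates(dc_short, effective_search(resolv_conf))[0]
    want = f"{dc_short}.{ad_domain}".lower()
    if first != want:
        warnings.append(f"'{dc_short}' is tried first as {first}, not {want}")
    return warnings


# Constructed from the values in the thread; line order is an assumption.
BROKEN = "domain dept.univ.edu\nsearch univ.edu\nnameserver 192.0.2.53\n"
FIXED = "search dept.univ.edu\nnameserver 192.0.2.53\n"

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, effective_search(conf), check_join(conf, "dept.univ.edu", "ad1"))
```

With the constructed "broken" file the short name `ad1` is first tried as `ad1.univ.edu`, the query reported as failing in the thread; with a single `search dept.univ.edu` line it is first tried as `ad1.dept.univ.edu`.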
Re: [OpenIndiana-discuss] Joining an Active Directory Domain with smbadm
This is just to follow up, I finally busted out Wireshark to catch the DNS request it was making and it became abundantly clear what was causing my 'err=61' condition, it was an nsswitch.conf issue. smbadm was looking for ad1.univ.edu instead of ad1.dept.univ.edu.

nsswitch domain: dept.univ.edu
nsswitch search domain: univ.edu
ad domain: dept.univ.edu
ad controller: ad1.dept.univ.edu

The following DNS query would fail: ad1.univ.edu

Although it would properly look up the domain controller based on my DNS records, it would truncate to the domain component (ad1) and then add that to my search domain (univ.edu) instead of just using the SRV record unmolested (ad1.dept.univ.edu). So if you run into err 61 when using smbadm, check and make sure both your domain and your search domain match the AD domain you're trying to join.

Thanks Lucas and everyone else for your help. It turns out (as is often the case) actually capturing traffic on the wire lets you know what has happened rather than just what you assume has happened.

-Pete

On Dec 6, 2012, at 1:21 PM, Lucas Van Tol wrote:
>
> Since you aren't using your AD system for DNS; you may be missing some
> entries specific to an AD environment.
> It may be easiest to enable dns there; but only use it on your storage
> server. (maybe also firewall it off so nobody else tries to use it...)
>
> These are the records I have in my workaround DNS named.domain (identifying
> information sed'ed away...).
> It also has workarounds for some other software that didn't like complicated
> domains; but I can't recall which entries fix which problems.
>
>
> domain.edu. NS smb.domain.edu.
> smb.domain.edu. A 192.168.1.23
> my A 192.168.1.68
> dc1 A 192.168.1.68
> dc1.my.domain.edu. A 192.168.1.68
> dc1.my.domain.edu.domain.edu. A 192.168.1.68
> _ldap._tcp.dc._msdcs.my.domain.edu. SRV 0 0 389 dc1.my.domain.edu.
> _kerberos._tcp.my.domain.edu. SRV 0 0 88 dc1.my.domain.edu.
> _ldap._tcp.my.domain.edu. SRV 0 0 389 dc1.my.domain.edu.
> _kerberos._tcp.dc._msdcs.my.domain.edu. SRV 0 0 389 dc1.my.domain.edu.
> _ldap._tcp.dc._msdcs. SRV 0 0 389 dc1.my.domain.edu.
> _kerberos._tcp. SRV 0 0 88 dc1.my.domain.edu.
> _ldap._tcp. SRV 0 0 389 dc1.my.domain.edu.
> _kerberos._tcp.dc._msdcs. SRV 0 0 389 dc1.my.domain.edu.
> _kerberos-master._tcp.MY.DOMAIN.EDU. SRV 0 0 88 dc1.my.domain.edu
> _kerberos-master._tcp.my.domain.edu. SRV 0 0 88 dc1.my.domain.edu
> _kerberobomaster._udp.MY.DOMAIN.EDU. SRV 0 0 88 dc1.my.domain.edu
> _kerberos-master._udp.my.domain.edu. SRV 0 0 88 dc1.my.domain.edu
> _ldap._tcp.gc._msdcs.domain.edu. SRV 0 0 3268 dc1.my.domain.edu
> _ldap._tcp.gc._msdcs.DOMAIN.EDU. SRV 0 0 3268 dc1.my.domain.edu
> _ldap._tcp.dc._msdcs.my.domain.edu.domain.edu. SRV 0 0 389 dc1.my.domain.edu.
> _kerberos._tcp.my.domain.edu.domain.edu. SRV 0 0 88 dc1.my.domain.edu.
> _ldap._tcp.my.domain.edu.domain.edu. SRV 0 0 389 dc1.my.domain.edu.
> _kerberos._tcp.dc._msdcs.my.domain.edu.domain.edu. SRV 0 0 389 dc1.my.domain.edu.
> _ldap._tcp.dc._msdcs. SRV 0 0 389 dc1.my.domain.edu.
> _kerberos._tcp. SRV 0 0 88 dc1.my.domain.edu.
> _ldap._tcp. SRV 0 0 389 dc1.my.domain.edu.
> _kerberos._tcp.dc._msdcs. SRV 0 0 389 dc1.my.domain.edu.
> _kerberos-master._tcp.MY.DOMAIN.EDU.DOMAIN.EDU. SRV 0 0 88 dc1.my.domain.edu
> _kerberos-master._tcp.my.domain.edu.domain.edu. SRV 0 0 88 dc1.my.domain.edu
> _kerberobomaster._udp.MY.DOMAIN.EDU.DOMAIN.EDU. SRV 0 0 88 dc1.my.domain.edu
> _kerberos-master._udp.my.domain.edu.domain.edu. SRV 0 0 88 dc1.my.domain.edu
> _ldap._tcp.gc._msdcs.domain.edu.domain.edu. SRV 0 0 3268 dc1.my.domain.edu
> _ldap._tcp.gc._msdcs.DOMAIN.EDU.DOMAIN.EDU. SRV 0 0 3268 dc1.my.domain.edu
>
>
>
> -Lucas Van Tol
>
>
>> From: pe...@psych.columbia.edu
>> Date: Thu, 6 Dec 2012 12:28:40 -0500
>> To: openindiana-discuss@openindiana.org
>> Subject: Re: [OpenIndiana-discuss] Joining an Active Directory Domain with smbadm
>>
>> Wow, this is certainly not the voodoo type suggestions I was hoping for, but
>> maybe it'll point me in the right direction.
>>
>> It's not a multi-domain or multi-controller environment. Single domain on a
>> single domain controller. Time is not out of sync (drift <0.01sec). My
>> domain controller does not run its own DNS services. I went to some trouble
>> so that I wouldn't have to maintain MS DNS, not excited about enabling
>> anytime I need to bind an Illumos host to AD. As far as I can tell this is
>> literally the most simplistic Active Directory setup possible.
>>
>> I guess that leaves setting up a mini DNS server with the records I need and
>> then logging the incorrect queries; or even just firing up wireshark and
>> logging the DNS on the wire. I'd really like to try and track down the bad
>> code and fix it. Making AD binds work would