A few configuration files and SMF properties need to be modified for
DNS/ADS/Kerberos configuration before joining your system to a domain.
1) /etc/nsswitch.conf
---------------------------------------------------------------
Make sure you use DNS for host lookup.
hosts: files dns <-- you must add 'dns' here if it's not already there
2) /etc/krb5/krb5.conf
---------------------------------------------------------------------------------
bash-3.00# cat /etc/krb5/krb5.conf
[libdefaults]
default_realm = NETBENCH.COM <-- Type your AD domain (fully-qualified) in upper-case.
[realms]
NETBENCH.COM = {
kdc = win2k3-q1.netbench.com <-- This is the fully-qualified hostname of your domain controller
kpasswd_server = win2k3-q1.netbench.com <------ Same as above
kpasswd_protocol = SET_CHANGE
}
[domain_realm]
win2k3-q1.netbench.com = NETBENCH.COM <------ <fully-qualified hostname of your DC> = <fully-qualified domain>
3) /etc/resolv.conf
-------------------------------------------------
bash-3.2# cat /etc/resolv.conf
nameserver 192.168.75.47 <---------------- DNS server (if the DNS server is running on your domain controller, provide the IP of your DC).
nameserver 10.1.98.13
nameserver 10.1.98.12
search netbench.com sun.com west.sun.com irvine.west.sun.com lab1.irvine.west.sun.com <--- Add your AD domain to this list.
4) Setting up CIFS ADS configuration
-------------------------------------
1) sharectl set -p ads_enable=true smb
2) sharectl set -p ads_user=<User that you use for domain join> smb
3) sharectl set -p ads_user_container=cn=Users smb
4) sharectl set -p ads_domain=<fully qualified domain name (e.g. netbench.com)> smb
5) sharectl set -p ads_passwd=<user's password> smb
5) Restart CIFS service (due to a known issue)
-------------------------------------------------------
svcadm disable smb/server
pgrep smbd <--- Make sure the smbd process is no longer there
svcadm enable -r smb/server
6) Join the domain using "smbadm join" CLI
-----------------------------------------
smbadm join -u <User> <NETBIOS name of the domain>
e.g.) smbadm join -u Administrator netbench
7) Restart CIFS service (due to a known issue)
8) If you have previously set the auto-discoverable SMF properties of
the idmap service (to get around the idmapd startup issue), please do
the following to allow the idmapd to perform auto-discovery after domain
join.
svccfg -s idmap
listprop config/mapping_domain <-- to view the property value
Please set the config/domain_name using the config/mapping_domain
property value.
delprop config/forest_name
delprop config/site_name
delprop config/domain_controller
delprop config/global_catalog
svcadm refresh idmap
Regards,
Natalie
John Connett wrote:
>On Mon, 2007-11-26 at 12:38 -0800, Afshin Salek wrote:
>
>
>>Seems like idmap service is not running. Try
>>
>>svcadm disable idmap
>>svcadm enable idmap
>>
>>and see if there's any errors in /var/adm/messages or
>>var/svc/log/system-idmap:default.log
>>
>>
>
>bash-3.2# svcadm disable idmap
>bash-3.2# svcadm enable idmap
>bash-3.2# svcs -a | fgrep idmap
>online 20:47:03 svc:/system/idmap:default
>bash-3.2# svcadm enable -r svc:/network/smb/server
>svcadm: svc:/milestone/network depends on svc:/network/physical, which
>has multiple instances.
>bash-3.2# svcs -a | fgrep smb
>online 20:47:08 svc:/network/smb/server:default
>bash-3.2# smbadm join -u Administrator my.domain.net
>Enter domain password:
>Joining 'my.domain.net' ... this may take a minute ...
>failed to find any domain controllers for 'my.domain.net'
>bash-3.2#
>
>Looking much better! Unfortunately, I don't know the real password for
>the domain so will have to wait until I am back at work tomorrow to try
>for real. The domain controllers are specified in /etc/krb5/krb5.conf
>so I'm not sure why they couldn't be found.
>
>Many thanks
>--
>John Connett
>
>
>
>
_______________________________________________
storage-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/storage-discuss
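
An added example, not part of the original message or of the OpenSolaris tools: a small sh script that checks the settings from steps 1 to 3 (dns on the hosts line, an upper-case default_realm, the AD domain in the resolver search list) before running smbadm join. The function names and the sample file contents are constructed for illustration; the script only reads the files and does not test whether a domain controller can be reached.

```shell
#!/bin/sh
# Added example (not from the original thread): checks the settings from steps 1-3.
# All function names and the sample files are constructed for illustration.

# Succeeds if the hosts: line of an nsswitch.conf-style file lists dns.
hosts_uses_dns() {
    awk '$1 == "hosts:" { for (i = 2; i <= NF; i++) if ($i == "dns") ok = 1 }
         END { exit !ok }' "$1"
}

# Prints default_realm from a krb5.conf-style file (empty if absent).
krb5_default_realm() {
    awk -F= '/^[ \t]*default_realm[ \t]*=/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# Succeeds if the search line of a resolv.conf-style file contains domain $2.
search_has_domain() {
    awk -v d="$2" '$1 == "search" { for (i = 2; i <= NF; i++)
                                      if (tolower($i) == tolower(d)) ok = 1 }
         END { exit !ok }' "$1"
}

# precheck NSSWITCH KRB5 RESOLV: prints one line per problem, returns the count.
precheck() {
    n=0
    realm=$(krb5_default_realm "$2")
    hosts_uses_dns "$1" || { echo "nsswitch.conf: hosts line lacks dns"; n=$((n + 1)); }
    if [ -z "$realm" ]; then
        echo "krb5.conf: no default_realm"; n=$((n + 1))
    else
        [ "$realm" = "$(echo "$realm" | tr '[:lower:]' '[:upper:]')" ] ||
            { echo "krb5.conf: default_realm is not upper-case"; n=$((n + 1)); }
        search_has_domain "$3" "$realm" ||
            { echo "resolv.conf: $realm missing from search list"; n=$((n + 1)); }
    fi
    return "$n"
}

# Constructed sample files: a "good" set mirroring the post, and a "bad" set.
make_samples() {
    printf 'hosts: files dns\n' > "$1/nss.good"
    printf 'hosts: files\n' > "$1/nss.bad"
    printf '[libdefaults]\ndefault_realm = NETBENCH.COM\n' > "$1/krb5.good"
    printf '[libdefaults]\ndefault_realm = netbench.com\n' > "$1/krb5.bad"
    printf 'nameserver 192.168.75.47\nsearch netbench.com sun.com\n' > "$1/resolv.good"
    printf 'nameserver 192.168.75.47\nsearch sun.com\n' > "$1/resolv.bad"
}

d=$(mktemp -d) && make_samples "$d"
precheck "$d/nss.good" "$d/krb5.good" "$d/resolv.good" && echo "good set: ok"
precheck "$d/nss.bad" "$d/krb5.bad" "$d/resolv.bad" || echo "bad set: $? problem(s)"
```

On a real host the call would be precheck /etc/nsswitch.conf /etc/krb5/krb5.conf /etc/resolv.conf.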