Hi Alan, On most AD integration implementations, it is not necessary to specify the LDAP CN of your users container. Usually, because in AD you have your users spread across multiple CNs. I was curious why it is required here? Thank you in advance for your help.
Best Regards, Jason On Nov 30, 2007 1:23 AM, Alan M Wright <[EMAIL PROTECTED]> wrote: > Tim Cook wrote: > > I'm in the same boat he's in. I've tried your sharectl comment. My > > itylevel is set to 3. When I start the server up, this is the messages > > output: > > > > Nov 30 00:04:27 fserv idmap[2228]: [ID 537081 daemon.error] idmapd: DNS > > search for '_ldap._tcp.dc._msdcs' failed (Unknown host) > > Nov 30 00:04:30 fserv last message repeated 15 times > > Nov 30 00:04:37 fserv idmap[2587]: [ID 537081 daemon.error] idmapd: DNS > > search for '_ldap._tcp.dc._msdcs' failed (Unknown host) > > Nov 30 00:04:37 fserv last message repeated 7 times > > Nov 30 00:04:37 fserv idmap[2587]: [ID 416990 daemon.error] idmapd: Default > > domain not configured; AD lookup disabled > > Nov 30 00:04:37 fserv idmap[2587]: [ID 886103 daemon.error] idmapd: AD > > joined domain is not configured; AD lookup disabled > > Nov 30 00:04:37 fserv idmap[2587]: [ID 161601 daemon.error] idmapd: Global > > catalog server is not configured; AD lookup disabled > > Nov 30 00:04:37 fserv idmap[2587]: [ID 737341 daemon.error] idmapd: AD > > lookup disabled > > Nov 30 00:04:42 fserv smbd[2590]: [ID 862555 daemon.warning] smbrdr: (ipc) > > no admin user name > > Nov 30 00:04:42 fserv smbd[2590]: [ID 897614 daemon.warning] smbrdr: (ipc) > > no admin password > > Nov 30 00:04:45 fserv smbsrv: [ID 852980 kern.notice] NOTICE: SmbOplocks: > > disabled > > > > > > Nov 30 00:05:43 fserv smbd[2590]: [ID 653746 daemon.notice] > > SmbLogon[FSERV\R00T]: WRONG_PASSWORD > > > > /var/smb/smbpasswd: > > r00t:65535:XXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXX > > It would probably help to provide DNS and krb5 setup > (/etc/resolv.conf and /etc/krb5/krb5.conf) and an explanation > of how you have your systems and network configured, including > the type of client and domain controller, and any relevant > policy settings. > > The following advice (below) appeared in a previous email > (assuming you're using an snv_77 base). > > Alan > -- > > Setting up CIFS ADS configuration > ------------------------------------- > 1) sharectl set -p ads_enable=true smb > 2) sharectl set -p ads_user=<User that you use for domain join> smb > 3) sharectl set -p ads_user_container=cn=Users smb > 4) sharectl set -p ads_domain=<fully qualified domain name> smb > 5) sharectl set -p ads_passwd=<user's password> smb > > Restart CIFS service (due to a known issue) > ------------------------------------------------------- > svcadm disable smb/server > pgrep smbd <--- Make sure the smbd process is no longer there > svcadm enable -r smb/server > > Join the domain using "smbadm join" CLI > ----------------------------------------- > smbadm join -u <User> <NETBIOS name of the domain> > i.e. smbadm join -u Administrator DOMAIN > > Restart CIFS service (due to a known issue) > > If you have idmap auto-discoverable SMF properties set (to get > around the idmapd startup issue), please do the following to > allow idmapd to perform auto-discovery after domain join. > > svccfg -s idmap > listprop config/mapping_domain <-- to view the property value > > Please set the config/domain_name using the config/mapping_domain > property value. > > delprop config/forest_name > delprop config/site_name > delprop config/domain_controller > delprop config/global_catalog > > svcadm refresh idmap > > _______________________________________________ > sparks-discuss mailing list > [EMAIL PROTECTED] > http://mail.opensolaris.org/mailman/listinfo/sparks-discuss > _______________________________________________ storage-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/storage-discuss
