Forwarding to the Winchester team for further input/comment. Doug.
Jason J. W. Williams wrote: > Hi Alan, > > On most AD integration implementations, it is not necessary to specify > the LDAP CN of your users container. Usually, because in AD you have > your users spread across multiple CNs. I was curious why it is > required here? Thank you in advance for your help. > > Best Regards, > Jason > > On Nov 30, 2007 1:23 AM, Alan M Wright <[EMAIL PROTECTED]> wrote: >> Tim Cook wrote: >>> I'm in the same boat he's in. I've tried your sharectl comment. My >>> itylevel is set to 3. When I start the server up, this is the messages >>> output: >>> >>> Nov 30 00:04:27 fserv idmap[2228]: [ID 537081 daemon.error] idmapd: DNS >>> search for '_ldap._tcp.dc._msdcs' failed (Unknown host) >>> Nov 30 00:04:30 fserv last message repeated 15 times >>> Nov 30 00:04:37 fserv idmap[2587]: [ID 537081 daemon.error] idmapd: DNS >>> search for '_ldap._tcp.dc._msdcs' failed (Unknown host) >>> Nov 30 00:04:37 fserv last message repeated 7 times >>> Nov 30 00:04:37 fserv idmap[2587]: [ID 416990 daemon.error] idmapd: Default >>> domain not configured; AD lookup disabled >>> Nov 30 00:04:37 fserv idmap[2587]: [ID 886103 daemon.error] idmapd: AD >>> joined domain is not configured; AD lookup disabled >>> Nov 30 00:04:37 fserv idmap[2587]: [ID 161601 daemon.error] idmapd: Global >>> catalog server is not configured; AD lookup disabled >>> Nov 30 00:04:37 fserv idmap[2587]: [ID 737341 daemon.error] idmapd: AD >>> lookup disabled >>> Nov 30 00:04:42 fserv smbd[2590]: [ID 862555 daemon.warning] smbrdr: (ipc) >>> no admin user name >>> Nov 30 00:04:42 fserv smbd[2590]: [ID 897614 daemon.warning] smbrdr: (ipc) >>> no admin password >>> Nov 30 00:04:45 fserv smbsrv: [ID 852980 kern.notice] NOTICE: SmbOplocks: >>> disabled >>> >>> >>> Nov 30 00:05:43 fserv smbd[2590]: [ID 653746 daemon.notice] >>> SmbLogon[FSERV\R00T]: WRONG_PASSWORD >>> >>> /var/smb/smbpasswd: >>> r00t:65535:XXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXX >> It would probably help to provide DNS and krb5 setup >> (/etc/resolv.conf and /etc/krb5/krb5.conf) and an explanation >> of how you have your systems and network configured, including >> the type of client and domain controller, and any relevant >> policy settings. >> >> The following advice (below) appeared in a previous email >> (assuming you're using an snv_77 base). >> >> Alan >> -- >> >> Setting up CIFS ADS configuration >> ------------------------------------- >> 1) sharectl set -p ads_enable=true smb >> 2) sharectl set -p ads_user=<User that you use for domain join> smb >> 3) sharectl set -p ads_user_container=cn=Users smb >> 4) sharectl set -p ads_domain=<fully qualified domain name> smb >> 5) sharectl set -p ads_passwd=<user's password> smb >> >> Restart CIFS service (due to a known issue) >> ------------------------------------------------------- >> svcadm disable smb/server >> pgrep smbd <--- Make sure the smbd process is no longer there >> svcadm enable -r smb/server >> >> Join the domain using "smbadm join" CLI >> ----------------------------------------- >> smbadm join -u <User> <NETBIOS name of the domain> >> i.e. smbadm join -u Administrator DOMAIN >> >> Restart CIFS service (due to a known issue) >> >> If you have idmap auto-discoverable SMF properties set (to get >> around the idmapd startup issue), please do the following to >> allow idmapd to perform auto-discovery after domain join. >> >> svccfg -s idmap >> listprop config/mapping_domain <-- to view the property value >> >> Please set the config/domain_name using the config/mapping_domain >> property value. >> >> delprop config/forest_name >> delprop config/site_name >> delprop config/domain_controller >> delprop config/global_catalog >> >> svcadm refresh idmap >> >> _______________________________________________ >> sparks-discuss mailing list >> [EMAIL PROTECTED] >> http://mail.opensolaris.org/mailman/listinfo/sparks-discuss >> > _______________________________________________ > sparks-discuss mailing list > [EMAIL PROTECTED] > http://mail.opensolaris.org/mailman/listinfo/sparks-discuss _______________________________________________ storage-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/storage-discuss
