Nicolas Williams wrote:
> On Thu, Feb 07, 2008 at 11:41:47PM +1000, James C. McPherson wrote:
>> Nicolas Williams wrote:
>>> You don't have to do anything at all for idmap to be in AD-only mode.
>>> By default it only does ephemeral ID mapping (for SID->UID/GID mapping)
>>> and local SID mapping (for non-ephemeral UID/GID->SID mapping).
>> Is this the compulsory mode of operation now? I noticed that since
>> going from 77 to 81, I am no longer able to connect from my win-XP
>> or win-Vista systems. The message I see is
>
> No, ephemeral mapping is just the default.

So do I still need the explicit "idmap add winuser:* unixuser:*" ?

>> Feb 6 15:33:12 farnarkle idmap[7189]: [ID 678313 daemon.error] Failed to
>> create request for AD lookup by winname
>
> Possible problems (I know, we should have better logging, but the
> information here could be buried many layers deep, so it's hard to get):
>
> - your /etc/krb5/krb5.keytab is out of sync
>   Try re-joining your domain.

I've never, ever used Kerberos.

> - your DNS resolver config is broken

Fairly sure it's not broken, since I've had it working
with forward and reverse mappings, cnames and mx records
for more than a year.

What should I go looking for?

....

>> Is there a minimum schema definition which idmapd requires?
>
> idmapd does not require SFU be installed, or that any schema changes be
> made.
>
> Using nss_ldap with AD as the directory is different. I wasn't clear on
> what, exactly, you were looking for.

I'm looking for a way to login, in workgroup mode :-)

James C. McPherson
--
Senior Kernel Software Engineer, Solaris
Sun Microsystems
http://blogs.sun.com/jmcp http://www.jmcp.homeunix.com/blog
