You can confirm that they are in the same site if you only see
Default-First-Site record in the _sites folder:
Forward Lookup Zones
_msdcs.orgdepts.org.ac.uk
|_ dc
|_ _sites
|_ Default-First-Site
If you actually have a DC per ADS site, you can set the ads_site
property via sharectl to point to site (for instance, siteA) and specify
the kpasswd_server=<DC of siteA> in /etc/krb5/krb5.conf.
However, if you have all 3 DCs in the Default-First-Site, the domain
join would fail intermittently as described in CR 6607919. The
workaround is to restart smb/server and search for the last log message
that looks like the following:
msdcsLookupADS: orgdepts-dc2 <--- could by any DC in that domain
If you specify the DC discovered by SMB server as the kpasswd_server in
your krb5.conf, the domain join should succeed. In the above case, you
would need to have kpasswd_server=orgdepts-dc2.orgdepts.org.ac.uk in
your krb5.conf.
Regards,
Natalie
Naadir Jeewa wrote:
>Yes, there are 3 DCs in the ORGDEPTS domain. They're all in the same ADS site
>AFAIK. One possible massive caveat is the DNS setup:
>
>org.ac.uk
>|
>|
>|-organisationalunit.org.ac.uk (departmental DNS domain. Not related to AD)
>| |
>| |- testserver.organisationalunit.org.ac.uk
>|
>|-orgdepts.org.ac.uk (AD domain to be joined)
>| |
>| |-orgdepts-dc1
>| |-orgdepts-dc2
>| |-orgdepts-dc3
>|
>|-orgusers.org.ac.uk (AD user domain)
>| |
>| |-orgusers-dc1 ...
>|-ns1.org.ac.uk (all hosts registered here manually in separate Solaris BIND
>server)
>
>
>This message posted from opensolaris.org
>_______________________________________________
>storage-discuss mailing list
>[email protected]
>http://mail.opensolaris.org/mailman/listinfo/storage-discuss
>
>
_______________________________________________
storage-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/storage-discuss
