Naadir, Both signing_enabled and signing_required properties are for server-side packet signing, which is currently not supported. Please restore those to the default value (i.e. signing_enabled=false, and signing_required=false). The known client-side packet signing issue has been fixed in build 81. So, if SMB packet signing is enabled on the domain controller, the domain join should still work.
The default value of lmauth_level is set to 4. In other words, it uses NTLMv2 authentication, which should work regardless of the DC's lmcomapatibility level setting. However, if you were to change the lmauth_level property to anything below 3, you might encounter problem because the system is using NTLM authentication while the DC might require the use of NTLMv2 authentication. It be safe to reset the property to its default value. Based on the log messages, I'd assume you have problem locating the domain controller. Did you specify the correct name server in your /etc/resolv.conf? Is it a multiple DC environment? krb5.conf must be set up to reflect which Kerberos realm you are attempting to join. It is mentioned in the admin guide. It'd be nice if you configure the syslog.conf to also log daemon debug messages for troubleshooting purposes. Regards, Natalie Naadir Jeewa wrote: >Funnily, I am having problems on b81 ;) > >Trying to run smbadm join fails with the following: >Feb 12 18:05:50 TestServer smbd[10542]: [ID 995127 daemon.error] dyndns: UDP >send error (Bad file number) >Feb 12 18:05:50 TestServer smbd[10542]: [ID 342079 daemon.error] smb_ads: >send/receive error >Feb 12 18:05:52 TestServer smbd[10542]: [ID 362282 daemon.error] ads: Retry >kinit to acquire credential. >Feb 12 18:05:52 TestServer smbd[10542]: [ID 976343 daemon.error] Strong >authentication required >Feb 12 18:05:52 TestServer smbd[10542]: [ID 871254 daemon.error] smbd: failed >joining orgdepts.org.uk (UNSUCCESSFUL) > >I've tried various combinations of the smf configs: >lmauth_level >signing_enabled >signing_required > >kinit works independently. Is this a SASL issue, and do I need to put a >certificate somewhere? > >Also, the documentation could do with a clean up. It's unclear whether or not >krb5.conf needs to be set up or not. > > >This message posted from opensolaris.org >_______________________________________________ >storage-discuss mailing list >[email protected] >http://mail.opensolaris.org/mailman/listinfo/storage-discuss > > _______________________________________________ storage-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/storage-discuss
