Nick, Is sjm-b81 a sparc machine? Are you testing in a multiple DC environment? What's the value of the lmauth_level property of sjm-b81? (Run `sharectl get smb`) Does you DC mandate NTLMv2 authentication?
To troubleshoot this problem, it'd be nice if you can configure the syslog.conf to also log daemon debug messages. Regards, Natalie Nick Ross wrote: > We're trying to get the CIFS server in b81 to join one of our domains, > but smbadm fails with varying error messages. The system can get a > TGT from any of our DCs, and message signing was disabled in the > default dc GPO. I've attached our krb5.conf, CLI content, and > relevant /var/adm/message content. > > Since this is in a lab, we are not concerned about the confidentiality > of our krb5.conf information. > > Using the same krb5.conf file on another node, we were able to join a > Solaris 10U4 system to the domain (winbind). > > First question to the group -- how can we get more detailed debugging > information on where it is failing? > > Second question -- is there anything blatantly obvious about the > configuration or commands that is incorrect? > > Third question -- is this a known issue? > > Best Regards, > Nick Ross > > > *Nick Ross* > /Sr. Systems Engineer/ > Applied Computer Solutions > /Direct Line /714.861.2291 > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > >------------------------------------------------------------------------ > ># smbadm join -u Administrator hb.acsportal.com Enter domain password: >Joining 'hb.acsportal.com' ... this may take a minute ... >failed to join domain 'hb.acsportal.com' (LOGON_FAILURE) > ># klist >klist: No credentials cache file found (ticket cache FILE:/tmp/krb5cc_0) > ># kinit >kinit(v5): Client not found in Kerberos database while getting initial >credentials > ># kinit Administrator >Password for [EMAIL PROTECTED]: > ># klist >Ticket cache: FILE:/tmp/krb5cc_0 >Default principal: [EMAIL PROTECTED] > >Valid starting Expires Service principal >02/13/08 18:48:45 02/14/08 04:48:46 krbtgt/[EMAIL PROTECTED] > renew until 02/20/08 18:48:45 > ># smbadm join -u Administrator hb.acsportal.com Enter domain password: >Joining 'hb.acsportal.com' ... this may take a minute ... >failed to join domain 'hb.acsportal.com' (LOGON_FAILURE) > > >------------------------------------------------------------------------ > >Feb 13 17:38:15 sjm-b81 smbd[970]: [ID 995127 daemon.error] dyndns: UDP send >error (Bad file number) >Feb 13 17:38:15 sjm-b81 smbd[970]: [ID 342079 daemon.error] smb_ads: >send/receive error >Feb 13 17:38:18 sjm-b81 smbd[970]: [ID 362282 daemon.error] ads: Retry kinit >to acquire credential. >Feb 13 17:38:19 sjm-b81 smbd[970]: [ID 871254 daemon.error] smbd: failed >joining hb.acsportal.com (UNSUCCESSFUL) >Feb 13 17:42:37 sjm-b81 smbd[970]: [ID 970359 daemon.error] smbd: >fully-qualified domain name is unknown >Feb 13 17:42:57 sjm-b81 smbd[970]: [ID 362282 daemon.error] ads: Retry kinit >to acquire credential. >Feb 13 17:42:58 sjm-b81 smbd[970]: [ID 871254 daemon.error] smbd: failed >joining hb.acsportal.com (UNSUCCESSFUL) >Feb 13 17:48:49 sjm-b81 smbd[424]: [ID 995127 daemon.error] dyndns: UDP send >error (Bad file number) >Feb 13 17:48:49 sjm-b81 smbd[424]: [ID 342079 daemon.error] smb_ads: >send/receive error >Feb 13 17:48:51 sjm-b81 smbd[424]: [ID 362282 daemon.error] ads: Retry kinit >to acquire credential. >Feb 13 17:48:53 sjm-b81 smbd[424]: [ID 871254 daemon.error] smbd: failed >joining hb.acsportal.com (UNSUCCESSFUL) >Feb 13 17:53:20 sjm-b81 smbd[424]: [ID 362282 daemon.error] ads: Retry kinit >to acquire credential. >Feb 13 17:53:22 sjm-b81 smbd[424]: [ID 871254 daemon.error] smbd: failed >joining hb.acsportal.com (UNSUCCESSFUL) >Feb 13 18:06:25 sjm-b81 smbd[841]: [ID 995127 daemon.error] dyndns: UDP send >error (Bad file number) >Feb 13 18:06:25 sjm-b81 smbd[841]: [ID 342079 daemon.error] smb_ads: >send/receive error >Feb 13 18:06:27 sjm-b81 smbd[841]: [ID 362282 daemon.error] ads: Retry kinit >to acquire credential. >Feb 13 18:06:27 sjm-b81 smbd[841]: [ID 974439 daemon.error] smb_kinit: NOT >Authenticated to Kerberos v5 k5_begin failed >Feb 13 18:06:27 sjm-b81 smbd[841]: [ID 305693 daemon.error] ads: major status >error: An invalid name was supplied >Feb 13 18:06:27 sjm-b81 smbd[841]: [ID 434683 daemon.error] ads: minor status >error: Improper format of Kerberos /etc/krb5/krb5.conf configuration file >Feb 13 18:06:27 sjm-b81 smbd[841]: [ID 871254 daemon.error] smbd: failed >joining hb.acsportal.com (UNSUCCESSFUL) >Feb 13 18:09:10 sjm-b81 smbd[841]: [ID 362282 daemon.error] ads: Retry kinit >to acquire credential. >Feb 13 18:09:12 sjm-b81 smbd[841]: [ID 871254 daemon.error] smbd: failed >joining hb.acsportal.com (UNSUCCESSFUL) >Feb 13 18:10:55 sjm-b81 smbd[841]: [ID 362282 daemon.error] ads: Retry kinit >to acquire credential. >Feb 13 18:10:57 sjm-b81 smbd[841]: [ID 871254 daemon.error] smbd: failed >joining hb.acsportal.com (UNSUCCESSFUL) >Feb 13 18:12:10 sjm-b81 smbd[841]: [ID 362282 daemon.error] ads: Retry kinit >to acquire credential. >Feb 13 18:12:11 sjm-b81 smbd[841]: [ID 871254 daemon.error] smbd: failed >joining hb.acsportal.com (UNSUCCESSFUL) >Feb 13 18:48:11 sjm-b81.hb.acsportal.com smbd[419]: [ID 995127 daemon.error] >dyndns: UDP send error (Bad file number) >Feb 13 18:48:11 sjm-b81.hb.acsportal.com smbd[419]: [ID 342079 daemon.error] >smb_ads: send/receive error >Feb 13 18:48:14 sjm-b81.hb.acsportal.com smbd[419]: [ID 871254 daemon.error] >smbd: failed joining hb.acsportal.com (LOGON_FAILURE) >Feb 13 18:54:07 sjm-b81.hb.acsportal.com smbd[419]: [ID 871254 daemon.error] >smbd: failed joining hb.acsportal.com (LOGON_FAILURE) >Feb 13 18:57:32 sjm-b81.hb.acsportal.com smbd[789]: [ID 995127 daemon.error] >dyndns: UDP send error (Bad file number) >Feb 13 18:57:32 sjm-b81.hb.acsportal.com smbd[789]: [ID 342079 daemon.error] >smb_ads: send/receive error >Feb 13 18:57:34 sjm-b81.hb.acsportal.com smbd[789]: [ID 362282 daemon.error] >ads: Retry kinit to acquire credential. >Feb 13 18:57:35 sjm-b81.hb.acsportal.com smbd[789]: [ID 871254 daemon.error] >smbd: failed joining hb.acsportal.com (UNSUCCESSFUL) >Feb 13 19:01:11 sjm-b81.hb.acsportal.com smbd[789]: [ID 362282 daemon.error] >ads: Retry kinit to acquire credential. >Feb 13 19:01:21 sjm-b81.hb.acsportal.com smbd[789]: [ID 871254 daemon.error] >smbd: failed joining hb.acsportal.com (OPEN_FAILED) >Feb 13 19:05:20 sjm-b81.hb.acsportal.com smbd[861]: [ID 995127 daemon.error] >dyndns: UDP send error (Bad file number) >Feb 13 19:05:20 sjm-b81.hb.acsportal.com smbd[861]: [ID 342079 daemon.error] >smb_ads: send/receive error >Feb 13 19:05:22 sjm-b81.hb.acsportal.com smbd[861]: [ID 871254 daemon.error] >smbd: failed joining hb.acsportal.com (LOGON_FAILURE) >Feb 13 19:06:48 sjm-b81.hb.acsportal.com smbd[861]: [ID 871254 daemon.error] >smbd: failed joining HB.ACSPORTAL.COM (LOGON_FAILURE) >Feb 13 20:01:12 sjm-b81.hb.acsportal.com smbd[861]: [ID 871254 daemon.error] >smbd: failed joining hb.acsportal.com (LOGON_FAILURE) > > >------------------------------------------------------------------------ > ># Copyright 2004 Sun Microsystems, Inc. All rights reserved. ># Use is subject to license terms. ># ># ident "@(#)krb5.conf 1.3 04/03/25 SMI" ># > ># krb5.conf template ># In order to complete this configuration file ># you will need to replace the __<name>__ placeholders ># with appropriate values for your network. ># >[libdefaults] > default_realm = HB.ACSPORTAL.COM > >[realms] > HB.ACSPORTAL.COM = { > kdc = dominion.hb.acsportal.com > kdc = dc-02.hb.acsportal.com > admin_server = dominion.hb.acsportal.com > kpasswd_server = dominion.hb.acsportal.com > kpasswd_protocol = SET_CHANGE > } > >[domain_realm] > .hb.acsportal.com = HB.ACSPORTAL.COM > >[logging] > default = FILE:/var/krb5/kdc.log > kdc = FILE:/var/krb5/kdc.log > kdc_rotate = { > ># How often to rotate kdc.log. Logs will get rotated no more ># often than the period, and less often if the KDC is not used ># frequently. > > period = 1d > ># how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...) > > versions = 10 > } > >[appdefaults] > kinit = { > renewable = true > forwardable= true > } > gkadmin = { > help_url = > http://docs.sun.com:80/ab2/coll.384.1/SEAM/@AB2PageView/1195 > } > > >------------------------------------------------------------------------ > >_______________________________________________ >storage-discuss mailing list >[email protected] >http://mail.opensolaris.org/mailman/listinfo/storage-discuss > > _______________________________________________ storage-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/storage-discuss
