Well, I still haven't given up on this and I am making progress. For the sake 
of spreading my experience: the script wasn't failing - I just failed at DNS :) 
When I reinstalled Active Directory without DNS already installed in the AD it 
worked (somewhat). I followed the guide and just added the appropriate records. 
After running the script this is where I am stuck now:

--------------------------------------------------------------------
-bash-3.00# ./adjoin.sh -f
Joining domain: mydomain.com
Looking for domain controllers and global catalogs (A RRs)
Looking for KDCs and DCs (SRV RRs)
        KDCs = server2003.mydomain.com 88
        DCs = server2003.mydomain.com 389
Password for [EMAIL PROTECTED]:
Looking for forest name
        Forest name = mydomain.com
Looking for Global Catalog servers
Looking for site name
        Looking for subnet object in the global catalog
ldap_sasl_interactive_bind_s: Can't connect to the LDAP server - Connection 
timed out
Could not find site name for any local subnet
        Site name not found.  Local DCs/GCs will not be discovered
Looking to see if there's an existing account...
Creating the machine account in AD via LDAP
adding new entry CN=SOLARIS.MYDOMAIN.COM,CN=Computers,DC=mydomain,DC=com
ldap_add: Unknown error
ldap_add: additional info: 00000523: SysErr: DSID-031A0FB6, problem 22 (Invalid 
argument), data 0


Could not add the new object to AD
----------------------------------------------------------------
Through my brilliant powers of observation I deduced that the problem was due 
to something with LDAP. I followed the guide and ran the following:

-bash-3.00# ldapsearch -x -h server2003.mydomain.com -o mech=gssapi -o 
authzid='' -b "cn=solaris,cn=computers,dc=mydomain,dc=com" -s base "" cn
RESULTING ERROR:
ldap_sasl_interactive_bind_s: Local error

Next I tried to configure with ldapclient - the file by runaway1 worked, but I 
need authenticationMethod=sasl/gssapi - seems this is where the problem is:

% ldapclient -v manual \
-a credentialLevel=self \
-a authenticationMethod=sasl/gssapi \
-a defaultSearchBase=dc=companyxyz,dc=com \
-a domainName=companyxyz.com \
-a defaultServerList=192.168.159.148 \
-a attributeMap=passwd:gecos=cn \
-a attributeMap=passwd:homedirectory=unixHomeDirectory \
-a objectClassMap=group:posixGroup=group \
-a objectClassMap=passwd:posixAccount=user \
-a objectClassMap=shadow:shadowAccount=user \
-a serviceSearchDescriptor=passwd:cn=users,dc=companyxyz,dc=com?one \
-a serviceSearchDescriptor=group:cn=users,dc=companyxyz,dc=com?one
start: Error: sasl/GSSAPI bind is not working. Abort.
Error resetting system.
Recovering old system settings.

There's a bug on it here: 

http://bugs.opensolaris.org/view_bug.do;jsessionid=97cf7acdec09dffffffffb6d34e517fbb7ae?bug_id=6664784

I have posted another thread as this is an ldap issue and not AD integration. 
Hopefully I will get directions to assist in the work around.
 
 
This message posted from opensolaris.org
_______________________________________________
sysadmin-discuss mailing list
sysadmin-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
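As an added example (not from the original post, nor part of adjoin.sh), a small Python parser for the Active Directory diagnostic string in the ldap_add failure above: it splits out the leading Win32 error code, the DSID, and the problem/data fields so such failures can be triaged from tool output. The code-name table is a constructed subset of the public Win32 error list, and the sample log is reconstructed from the post.

```python
import re

# Constructed subset of Win32 error codes that AD prefixes to its LDAP
# diagnostic messages (server prints them as 8 hex digits).
WIN32_CODES = {
    0x0523: "ERROR_INVALID_ACCOUNT_NAME",
    0x0525: "ERROR_NO_SUCH_USER",
    0x052E: "ERROR_LOGON_FAILURE",
    0x0532: "ERROR_PASSWORD_EXPIRED",
    0x0533: "ERROR_ACCOUNT_DISABLED",
    0x0775: "ERROR_ACCOUNT_LOCKED_OUT",
}

# Layout of the AD diagnostic string:
#   "<8 hex>: <Source>: DSID-<hex>, problem <n> (<text>), data <n>"
AD_DIAG = re.compile(
    r"(?P<win32>[0-9A-Fa-f]{8}):\s*(?P<source>\w+):\s*DSID-(?P<dsid>[0-9A-Fa-f]+),"
    r"\s*problem\s+(?P<problem>\d+)\s*\((?P<text>[^)]*)\),\s*data\s+(?P<data>-?\d+)"
)

def parse_ad_diagnostic(msg):
    """Return the decoded fields of one AD diagnostic string, or None."""
    m = AD_DIAG.search(msg)
    if not m:
        return None
    code = int(m.group("win32"), 16)
    return {
        "win32_code": code,                      # 0x523 -> 1315
        "win32_name": WIN32_CODES.get(code, "UNKNOWN"),
        "source": m.group("source"),            # e.g. SysErr
        "dsid": m.group("dsid").upper(),        # server-side location tag
        "problem": int(m.group("problem")),
        "problem_text": m.group("text"),
        "data": int(m.group("data")),
    }

def find_diagnostics(log_text):
    """Scan tool output (ldap_add, ldapsearch, adjoin.sh) for AD diagnostics."""
    found = []
    for line in log_text.splitlines():
        if "additional info:" in line:
            parsed = parse_ad_diagnostic(line.split("additional info:", 1)[1])
            if parsed:
                found.append(parsed)
    return found

# Sample reconstructed from the adjoin.sh run in the post (line unwrapped).
SAMPLE_LOG = """ldap_add: Unknown error
ldap_add: additional info: 00000523: SysErr: DSID-031A0FB6, problem 22 (Invalid argument), data 0
Could not add the new object to AD"""
```

Running `find_diagnostics(SAMPLE_LOG)` on the post's output decodes 00000523 to 1315, ERROR_INVALID_ACCOUNT_NAME, which is the value a practitioner would look up next rather than the generic "Unknown error".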