Well, I still haven't given up on this and I am making progress. For the sake of spreading my experience: the script wasn't failing - I just failed at DNS :) When I reinstalled Active Directory without DNS already installed in the AD, it worked (somewhat). I followed the guide and just added the appropriate records. After running the script, this is where I am stuck now:
--------------------------------------------------------------------
-bash-3.00# ./adjoin.sh -f
Joining domain: mydomain.com
Looking for domain controllers and global catalogs (A RRs)
Looking for KDCs and DCs (SRV RRs)
KDCs = server2003.mydomain.com 88
DCs = server2003.mydomain.com 389
Password for [EMAIL PROTECTED]:
Looking for forest name
Forest name = mydomain.com
Looking for Global Catalog servers
Looking for site name
Looking for subnet object in the global catalog
ldap_sasl_interactive_bind_s: Can't connect to the LDAP server - Connection timed out
Could not find site name for any local subnet
Site name not found. Local DCs/GCs will not be discovered
Looking to see if there's an existing account...
Creating the machine account in AD via LDAP
adding new entry CN=SOLARIS.MYDOMAIN.COM,CN=Computers,DC=mydomain,DC=com
ldap_add: Unknown error
ldap_add: additional info: 00000523: SysErr: DSID-031A0FB6, problem 22 (Invalid argument), data 0
Could not add the new object to AD
----------------------------------------------------------------

Through my brilliant powers of observation I deduced that the problem was due to something with LDAP.
I followed the guide and ran the following:

-bash-3.00# ldapsearch -x -h server2003.mydomain.com -o mech=gssapi -o authzid='' -b "cn=solaris,cn=computers,dc=mydomain,dc=com" -s base "" cn

RESULTING ERROR:

ldap_sasl_interactive_bind_s: Local error

Next I tried to configure with ldapclient - the file by runaway1 worked, but I need authenticationMethod=sasl/gssapi. It seems this is where the problem is:

% ldapclient -v manual \
-a credentialLevel=self \
-a authenticationMethod=sasl/gssapi \
-a defaultSearchBase=dc=companyxyz,dc=com \
-a domainName=companyxyz.com \
-a defaultServerList=192.168.159.148 \
-a attributeMap=passwd:gecos=cn \
-a attributeMap=passwd:homedirectory=unixHomeDirectory \
-a objectClassMap=group:posixGroup=group \
-a objectClassMap=passwd:posixAccount=user \
-a objectClassMap=shadow:shadowAccount=user \
-a serviceSearchDescriptor=passwd:cn=users,dc=companyxyz,dc=com?one \
-a serviceSearchDescriptor=group:cn=users,dc=companyxyz,dc=com?one

start: Error: sasl/GSSAPI bind is not working. Abort.
Error resetting system.
Recovering old system settings.

There's a bug on it here: http://bugs.opensolaris.org/view_bug.do;jsessionid=97cf7acdec09dffffffffb6d34e517fbb7ae?bug_id=6664784

I have posted another thread as this is an LDAP issue and not AD integration. Hopefully I will get directions to assist in the workaround.