Who said persistence doesn't pay?
-------------------------------------------------------------------------------------------------
-bash-3.00# ./adjoin.sh -f
Joining domain: mydomain.com
Looking for domain controllers and global catalogs (A RRs)
Looking for KDCs and DCs (SRV RRs)
KDCs = server2003.mydomain.com 88
DCs = server2003.mydomain.com 389
Password for [EMAIL PROTECTED]:
Looking for forest name
Forest name = mydomain.com
Looking for Global Catalog servers
Looking for site name
Looking for subnet object in the global catalog
Could not find site name for any local subnet
Site name not found. Local DCs/GCs will not be discovered
Looking to see if there's an existing account...
Looking to see if the machine account contains other objects...
Deleting existing machine account...
Creating the machine account in AD via LDAP
adding new entry CN=SOLARIS,CN=Computers,DC=mydomain,DC=com
Setting the password/keys of the machine account
Result: success (0)
Getting kvno
KVNO: 2
Determining supported enctypes for machine account via LDAP
This must not be a Longhorn/Vista AD DC!
So we assume 1DES and arcfour enctypes
ARCFOUR will be supported
Finishing machine account
modifying entry CN=SOLARIS,CN=Computers,DC=mydomain,DC=com
adjoin.sh: Done
-------------------------------------------------------------------------------------------------
For anyone who attempts this please learn from my mistakes. The cause of the
following had nothing to do with LDAP at all (from previous post):
---------------------
adding new entry CN=SOLARIS.MYDOMAIN.COM,CN=Computers,DC=mydomain,DC=com
ldap_add: Unknown error
ldap_add: additional info: 00000523: SysErr: DSID-031A0FB6, problem 22 (Invalid
argument), data 0
--------------------
This was infact due to the hostname being set incorrectly. Fix this in
/etc/nodename and the adjoin script went a little further. The I watched
netstat and realized and I hadn't configured exceptions for all necessary ports
on windows firewall. Make sure you leave the following open:
389/tcp ldap
3268/tcp globalcatLDAP
464/udp kpasswd
If you do this and follow the directions in "Using Kerberos to Authenticate a
SolarisTM 10 OS LDAP Client With Microsoft Active Directory" guide all should
work smoothly. Unless you're like me and find a to mess things up :/
This message posted from opensolaris.org
_______________________________________________
sysadmin-discuss mailing list
sysadmin-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
