Who said persistence doesn't pay?
-------------------------------------------------------------------------------------------------
-bash-3.00# ./adjoin.sh -f
Joining domain: mydomain.com
Looking for domain controllers and global catalogs (A RRs)
Looking for KDCs and DCs (SRV RRs)
        KDCs = server2003.mydomain.com 88
        DCs = server2003.mydomain.com 389
Password for [EMAIL PROTECTED]:
Looking for forest name
        Forest name = mydomain.com
Looking for Global Catalog servers
Looking for site name
        Looking for subnet object in the global catalog
Could not find site name for any local subnet
        Site name not found.  Local DCs/GCs will not be discovered
Looking to see if there's an existing account...
Looking to see if the machine account contains other objects...
Deleting existing machine account...
Creating the machine account in AD via LDAP
adding new entry CN=SOLARIS,CN=Computers,DC=mydomain,DC=com

Setting the password/keys of the machine account
Result: success (0)
Getting kvno
KVNO: 2
Determining supported enctypes for machine account via LDAP
This must not be a Longhorn/Vista AD DC!
        So we assume 1DES and arcfour enctypes
ARCFOUR will be supported
Finishing machine account
modifying entry CN=SOLARIS,CN=Computers,DC=mydomain,DC=com

adjoin.sh: Done
-------------------------------------------------------------------------------------------------

For anyone who attempts this please learn from my mistakes. The cause of the 
following had nothing to do with LDAP at all (from previous post):
---------------------
adding new entry CN=SOLARIS.MYDOMAIN.COM,CN=Computers,DC=mydomain,DC=com
ldap_add: Unknown error
ldap_add: additional info: 00000523: SysErr: DSID-031A0FB6, problem 22 (Invalid 
argument), data 0
--------------------

This was in fact due to the hostname being set incorrectly. Fix this in 
/etc/nodename and the adjoin script went a little further. Then I watched 
netstat and realized I hadn't configured exceptions for all necessary ports 
on the Windows firewall. Make sure you leave the following open:

389/tcp     ldap
3268/tcp    globalcatLDAP
464/udp     kpasswd

If you do this and follow the directions in the "Using Kerberos to Authenticate a
Solaris 10 OS LDAP Client With Microsoft Active Directory" guide, all should 
work smoothly. Unless you're like me and find a way to mess things up :/
This message posted from opensolaris.org
_______________________________________________
sysadmin-discuss mailing list
sysadmin-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/sysadmin-discuss
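The two failures described in the post (a machine-account CN built from a wrong hostname, and DC ports blocked by the Windows firewall) can both be caught before running adjoin.sh. The following pre-join check is an added example written for this page; it is not part of adjoin.sh, the Sun guide, or the original post. It assumes a POSIX shell, that the short hostname and /etc/nodename are what adjoin derives the account name from (as the post reports), and that a netcat (`nc`) supporting `-z`, `-u` and `-w` is installed, which is not true of a stock Solaris 10 box. The port list is the one given in the post.

```shell
#!/bin/sh
# Pre-join sanity check for a Solaris host about to run adjoin.sh.
# Constructed example; not part of adjoin.sh or the original post.

# Ports the post says must be open on the domain controller, as proto:port:name.
REQUIRED_PORTS="tcp:389:ldap tcp:3268:globalcatLDAP udp:464:kpasswd"

# hostname_consistent RUNNING_HOSTNAME NODENAME_CONTENT
# Returns 0 when the short, lower-cased form of both agrees. adjoin builds the
# machine account CN from the host name, so a mismatch yields a bad entry such
# as CN=SOLARIS.MYDOMAIN.COM in the post instead of CN=SOLARIS.
hostname_consistent() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | cut -d. -f1)
    n=$(printf '%s' "$2" | tr 'A-Z' 'a-z' | cut -d. -f1)
    [ -n "$h" ] && [ "$h" = "$n" ]
}

# port_reachable HOST PROTO PORT
# Returns 0 when nc can reach HOST:PORT. Assumes an nc that supports -z/-u/-w.
# Note: a UDP probe only fails when an ICMP port-unreachable comes back, so a
# "reachable" 464/udp result is weaker evidence than the TCP results.
port_reachable() {
    _host=$1; _proto=$2; _port=$3
    if [ "$_proto" = udp ]; then
        nc -z -u -w 3 "$_host" "$_port" >/dev/null 2>&1
    else
        nc -z -w 3 "$_host" "$_port" >/dev/null 2>&1
    fi
}

# check_dc_ports DC
# Prints one OK/FAIL line per required port; returns the number of failures.
check_dc_ports() {
    _dc=$1; _failed=0
    for spec in $REQUIRED_PORTS; do
        proto=${spec%%:*}; rest=${spec#*:}
        port=${rest%%:*};  name=${rest#*:}
        if port_reachable "$_dc" "$proto" "$port"; then
            echo "OK    $port/$proto  $name"
        else
            echo "FAIL  $port/$proto  $name  (add a Windows Firewall exception on $_dc)"
            _failed=$((_failed + 1))
        fi
    done
    return $_failed
}

main() {
    dc=$1
    if [ -z "$dc" ]; then
        echo "usage: $0 dc-hostname" >&2
        return 2
    fi
    running=$(hostname)
    nodename=$(cat /etc/nodename 2>/dev/null)
    if hostname_consistent "$running" "$nodename"; then
        echo "OK    hostname '$running' matches /etc/nodename"
    else
        echo "FAIL  hostname '$running' vs /etc/nodename '$nodename': fix /etc/nodename before joining"
    fi
    check_dc_ports "$dc"
}

# Only run the checks when a DC name is supplied, e.g.: ./prejoin.sh server2003.mydomain.com
if [ $# -gt 0 ]; then
    main "$@"
fi
```

Run it as `./prejoin.sh server2003.mydomain.com` before adjoin.sh; any FAIL line corresponds to one of the two causes the post describes, and the port check names the firewall exception to add on the DC rather than leaving you to read netstat mid-join.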