Who said persistence doesn't pay?

----------------------------------------------------------------------
-bash-3.00# ./adjoin.sh -f
Joining domain: mydomain.com
Looking for domain controllers and global catalogs (A RRs)
Looking for KDCs and DCs (SRV RRs)
KDCs = server2003.mydomain.com 88
DCs = server2003.mydomain.com 389
Password for [EMAIL PROTECTED]:
Looking for forest name
Forest name = mydomain.com
Looking for Global Catalog servers
Looking for site name
Looking for subnet object in the global catalog
Could not find site name for any local subnet
Site name not found. Local DCs/GCs will not be discovered
Looking to see if there's an existing account...
Looking to see if the machine account contains other objects...
Deleting existing machine account...
Creating the machine account in AD via LDAP
adding new entry CN=SOLARIS,CN=Computers,DC=mydomain,DC=com
Setting the password/keys of the machine account
Result: success (0)
Getting kvno
KVNO: 2
Determining supported enctypes for machine account via LDAP
This must not be a Longhorn/Vista AD DC!
So we assume 1DES and arcfour enctypes
ARCFOUR will be supported
Finishing machine account
modifying entry CN=SOLARIS,CN=Computers,DC=mydomain,DC=com
adjoin.sh: Done
----------------------------------------------------------------------

For anyone who attempts this, please learn from my mistakes. The cause of the following had nothing to do with LDAP at all (from previous post):

---------------------
adding new entry CN=SOLARIS.MYDOMAIN.COM,CN=Computers,DC=mydomain,DC=com
ldap_add: Unknown error
ldap_add: additional info: 00000523: SysErr: DSID-031A0FB6, problem 22 (Invalid argument), data 0
--------------------

This was in fact due to the hostname being set incorrectly. Fix this in /etc/nodename and the adjoin script went a little further.

Then I watched netstat and realized I hadn't configured exceptions for all necessary ports on Windows Firewall. Make sure you leave the following open:

389/tcp   ldap
3268/tcp  globalcatLDAP
464/udp   kpasswd

If you do this and follow the directions in the "Using Kerberos to Authenticate a Solaris(TM) 10 OS LDAP Client With Microsoft Active Directory" guide, all should work smoothly. Unless you're like me and find a way to mess things up :/

This message posted from opensolaris.org
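
The two pitfalls described in the post above (node name and blocked ports), as an added pre-flight sketch that is not part of the original message or of adjoin.sh. The function names check_nodename and blocked_tcp_ports are hypothetical, the netstat lines are constructed, and it assumes the join script builds the machine account name from the node name, which is limited to 15 characters for an AD computer account.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Assumption: the join script derives the machine account CN from the node
# name, as CN=SOLARIS (worked) vs CN=SOLARIS.MYDOMAIN.COM (failed) suggests.

# check_nodename FILE: print a verdict; return 0 only for a short host name
# that also fits the 15-character limit of an AD computer account name.
check_nodename() {
    [ -r "$1" ] || { echo "unreadable: $1"; return 1; }
    name=$(head -n 1 "$1" | tr -d ' \t\r')
    case $name in
        "")              echo "empty node name"; return 1 ;;
        *.*)             echo "FQDN, use the short name: $name"; return 1 ;;
        *[!A-Za-z0-9-]*) echo "invalid character: $name"; return 1 ;;
        -*|*-)           echo "leading or trailing hyphen: $name"; return 1 ;;
    esac
    if [ "${#name}" -gt 15 ]; then
        echo "longer than 15 characters: $name"; return 1
    fi
    echo "ok: $name"
}

# blocked_tcp_ports: read `netstat -an` lines on stdin and print which of the
# post's TCP ports (389, 3268) have a connection stuck in SYN_SENT, meaning
# the SYN went out and nothing came back. 464/udp has no state to inspect.
blocked_tcp_ports() {
    awk '$NF == "SYN_SENT" {
             n = split($2, part, "[.]")   # Solaris prints address.port
             port = part[n]
             if ((port == 389 || port == 3268) && !seen[port]++) print port
         }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample in Solaris netstat layout (addresses are made up).
SAMPLE_NETSTAT='192.168.1.10.32801 192.168.1.2.88   49640 0 49640 0 ESTABLISHED
192.168.1.10.32802 192.168.1.2.389  0     0 49640 0 SYN_SENT
192.168.1.10.32803 192.168.1.2.3268 0     0 49640 0 SYN_SENT
192.168.1.10.32804 192.168.1.2.389  0     0 49640 0 SYN_SENT'

check_nodename "${1:-/etc/nodename}" || true
echo "blocked: $(printf '%s\n' "$SAMPLE_NETSTAT" | blocked_tcp_ports)"
```

On the Solaris host, feed it live data with `netstat -an | blocked_tcp_ports` while the join script is running.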