[cifs-discuss] domain problems with new install

Matt Harrison iwasinnamuknow at genestate.com
Tue Jun 24 15:58:30 PDT 2008



Nicolas Williams wrote:
| On Tue, Jun 24, 2008 at 07:39:50PM +0100, Matt Harrison wrote:
|> Apologies for my terse message previously, it was down to tiredness :P
|> Yes I ran smbadm cli tool and that joined me to the domain with no
|> apparent errors.
|
| As a general rule, the more info you give us, the better :)  (obviously
| don't share proprietary information).
|
|> I have tried with just kinit and it gives the error above. I've just
|> tried with administrator@genestate.com as the principal and it gives:
|>
|> kinit(v5): KDC reply did not match expectations while getting initial
|> credentials
|
| Can you try "kinit Administrator@GENESTATE.COM"?

that gives me:

kinit(v5): Preauthentication failed while getting initial credentials

| Kerberos V realm names are, by convention, always capitalized.
|
|> I checked resolv.conf has entries for the dns server that does my active
|> directory.
|
| Are there any 'domain' or 'search' directives in /etc/resolv.conf?  And
| if so, what are they?

$cat /etc/resolv.conf
domain genestate.com
nameserver 10.194.217.1
search genestate.com

as generated by the installer

|> Setup krb5.conf as follows (all domain names are internal)
|>
|> [libdefaults]
|> ~        default_realm = GENESTATE.COM
|
| I trust that '~' isn't there in the actual file.

No, don't worry, that's just something from the mail client :)

|> ran smbadm join -u administrator genestate.com successfully.
|
| OK, so now things work?

It would appear that the domain membership is now ok, my remaining
problem being the idmap issue below

|> setup idmap:
|>
|> add     winuser:*@genestate.com unixuser:*
|> add     "wingroup:Domain Users@genestate.com"   unixgroup:users
|> add     "wingroup:Domain Admins@genestate.com"  unixgroup:staff
|>
|>
|> A rerun of these commands now shows smb/server to be in domain mode
|> although I don't know why it worked now and not before.
|
| I don't know why it didn't work before either.  What changed between
| your first attempt and your second?

None that I can see, I rebooted because the time reset problem was
freaking me out. Now it syncs to the ntp server ok and doesn't reset.

|> kinit still doesn't show authentication is successful, either with the
|> machine account or the domain administrator account (or any other domain
|> account that I've tried).
|
| See above.
|
|> Connecting to the machine from a windows xp client gives me the
|> following after turning on daemon.debug:
|>
|> Jun 24 19:39:01 turnover idmap[773]: [ID 821686 daemon.debug] Using
|> global catalog server pacifica.genestate.com:389
|> Jun 24 19:39:01 turnover smbd[762]: [ID 118120 daemon.error]
|> smb_token_create: idmap failed
|
| Try putting idmapd into debug mode:
|
| % svccfg -s svc:/system/idmap "setprop config/debug = boolean: true"
| % svcadm refresh svc:/system/idmap
|
| and then check the contents of the idmap service log:
|
| % svcs -l idmap|grep logfile
|
| Nico

The only thing that idmap gives me is this in /var/adm/messages:

Jun 24 23:57:02 turnover smbd[871]: [ID 528497 daemon.debug] SmbRdrNtCreate: fid=49158
Jun 24 23:57:02 turnover smbd[871]: [ID 118120 daemon.error] smb_token_create: idmap failed
Jun 24 23:57:02 turnover smbd[871]: [ID 775558 daemon.debug] smb_door_srv_func: execute server routine(opcode=0)
Jun 24 23:57:02 turnover smbd[871]: [ID 395423 daemon.debug] smbrdr_ntcreatex: 18 \NETLOGON
Jun 24 23:57:02 turnover smbd[871]: [ID 528497 daemon.debug] SmbRdrNtCreate: fid=49159
Jun 24 23:57:02 turnover smbd[871]: [ID 118120 daemon.error] smb_token_create: idmap failed
Jun 24 23:57:02 turnover smbd[871]: [ID 775558 daemon.debug] smb_door_srv_func: execute server routine(opcode=0)
Jun 24 23:57:02 turnover smbd[871]: [ID 395423 daemon.debug] smbrdr_ntcreatex: 18 \NETLOGON
Jun 24 23:57:02 turnover smbd[871]: [ID 528497 daemon.debug] SmbRdrNtCreate: fid=49160
Jun 24 23:57:02 turnover smbd[871]: [ID 118120 daemon.error] smb_token_create: idmap failed

and this in /var/svc/log/system-idmap\:default.log

querying DNS for SRV RRs named '_ldap._tcp.dc._msdcs'
Found _ldap._tcp.dc._msdcs.genestate.com 86400 IN SRV [0][0] pacifica.genestate.com:389
querying DNS for SRV RRs named '_ldap._tcp.gc._msdcs'
Found _ldap._tcp.gc._msdcs.genestate.com 86400 IN SRV [0][0] pacifica.genestate.com:389
unable to discover Site Name

I'm not sure if this site name thing is the problem. I've googled around
for info about it but can't find anything except in actual source code
which I'm not up to studying right now :P

Thanks

--
Matt Harrison
iwasinnamuknow at genestate.com
http://mattharrison.org
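
The realm-case point raised in the exchange above, as an added example that is not part of the original message: a POSIX shell check that flags a principal whose realm is not uppercase or disagrees with default_realm or the DNS domain. Function names are hypothetical, the sample inputs are constructed from the krb5.conf and resolv.conf values quoted in the thread, and the DNS comparison assumes an Active Directory realm (the uppercased DNS domain name).

```sh
#!/bin/sh
# Added example. Function names are hypothetical; the sample inputs are
# constructed from the krb5.conf and resolv.conf values quoted in the thread.

# Print default_realm from the [libdefaults] section of krb5.conf text on stdin.
default_realm() {
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }'
}

# Print the value of the "domain" directive from resolv.conf text on stdin.
dns_domain() { awk '$1 == "domain" { print $2; exit }'; }

to_upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# check_principal PRINCIPAL REALM DOMAIN: print one finding, return 0 only if ok.
check_principal() {
    principal=$1; realm=$2; domain=$3
    case $principal in
        *@*) prealm=${principal#*@} ;;
        *)   prealm=$realm ;;   # no realm given: default_realm applies
    esac
    if [ "$prealm" != "$(to_upper "$prealm")" ]; then
        echo "realm-not-uppercase: use ${principal%@*}@$(to_upper "$prealm")"
        return 1
    fi
    if [ "$prealm" != "$realm" ]; then
        echo "realm-differs-from-default_realm: $prealm vs $realm"; return 1
    fi
    if [ "$(to_upper "$domain")" != "$realm" ]; then   # AD assumption
        echo "dns-domain-differs-from-realm: $domain vs $realm"; return 1
    fi
    echo "ok: $principal"
}

KRB5_SAMPLE='[libdefaults]
        default_realm = GENESTATE.COM'
RESOLV_SAMPLE='domain genestate.com
nameserver 10.194.217.1
search genestate.com'

SAMPLE_REALM=$(printf '%s\n' "$KRB5_SAMPLE" | default_realm)
SAMPLE_DOMAIN=$(printf '%s\n' "$RESOLV_SAMPLE" | dns_domain)
for p in administrator@genestate.com Administrator@GENESTATE.COM; do
    check_principal "$p" "$SAMPLE_REALM" "$SAMPLE_DOMAIN" || :
done
```

The check covers only realm naming; it says nothing about why preauthentication itself fails.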