[cifs-discuss] [storage-discuss] [Fwd: CIFS Server Joining IU's ADS]

Burger, Matthew Ryan maburger at indiana.edu
Fri Sep 12 13:37:21 PDT 2008 

The kdc and admin_server is actually set to that, as the collective of
domain controllers (at IU) are just called ads.iu.edu.  Should I try to pick
one specific domain controller?

 

http://ussg.iu.edu/support/documentation#samba

 

 

nslookup ads.iu.edu

Server:  ns.iupui.edu

Address:  134.68.1.9

 

Non-authoritative answer:

Name:    ads.iu.edu

Addresses:  129.79.1.208, 129.79.1.207, 134.68.220.155, 134.68.220.157

          129.79.1.209, 134.68.220.153

 

nslookup 134.68.220.153

Server:  ns.iupui.edu

Address:  134.68.1.9

 

Name:    iu-mssg-adsdc01.ads.iu.edu

Address:  134.68.220.153

 

 

I did go back and add the default and domain realm lines.. Same result.

 

Thanks,

 

Matt

 

From: Natalie.Li at Sun.COM [mailto:Natalie.Li at Sun.COM] 
Sent: Friday, September 12, 2008 4:23 PM
To: Afshin Salek
Cc: Burger, Matthew Ryan; cifs-discuss at opensolaris.org
Subject: Re: [cifs-discuss] [storage-discuss] [Fwd: CIFS Server Joining IU's
ADS]

 

krb5.conf
=========
1) Both kdc and admin_server should be set to the host name of the domain
controller in ADS.IU.EDU, not the domain itself.
2) default_realm is missing.
3) domain_realm is missing.

resolv.conf
==========
You might want something like:

nameserver 134.68.1.9
nameserver 134.68.1.2
nameserver 129.79.1.1
search ads.iu.edu pathology.iupui.edu iupui.edu ads.iu.edu iu.edu
indiana.edu

Please make sure you specify the correct DNS server that can resolve
hostname/ip of ADS.IU.EDU domain as the nameserver.


The following URL should have all the information you need regarding DNS and
Kerberos configuration:

http://blogs.sun.com/timthomas/entry/configuring_the_opensolaris_cifs_server

Natalie

Afshin Salek wrote: 

Burger, Matthew Ryan wrote:
  

bash-3.2# ./cifs-chkcfg.sh 
/etc/pam.conf is not configured for workgroup mode
run: echo other password required pam_smb_passwd.so.1 nowarn >>
/etc/pam.conf
    

 
Ok, that won't be a problem since you want to switch to domain
mode. If you want to be able to connect via local users in domain
mode you need to do what's suggested here, otherwise you can ignore
it.
 
Natalie is looking at your resolv.conf and krb5.conf
There might be some issues there, stay tuned.
 
Afshin
 
  

-----Original Message-----
From: Afshin.Ardakani at Sun.COM [mailto:Afshin.Ardakani at Sun.COM] 
Sent: Friday, September 12, 2008 3:17 PM
To: Burger, Matthew Ryan
Cc: cifs-discuss at opensolaris.org
Subject: Re: [cifs-discuss] [storage-discuss] [Fwd: CIFS Server Joining IU's
ADS]
 
Burger, Matthew Ryan wrote:
    

Hmmm.... This did produce some interesting output.  The output of the
gendiag is in the attachment.
 
Here is the info:
 
bash-3.2# sh cifs-chkcfg.sh
      

Please don't use sh, just ./cifs-chkcfg.sh otherwise
as you can see there would be some grep issues.
 
    

cifs-chkcfg.sh: smbsrv: not found
CIFS driver (smbsrv) is not installed
make sure CIFS packages are installed properly
Usage: grep -hblcnsviw pattern file . . .
      

bash-3.2# svcadm enable -r smb/server
svcadm: svc:/milestone/network depends on svc:/network/physical, which has
multiple instances.
      

This is just an informational message and not indicating any issues.
 
I'll get back to you about your configuration.
 
Afshin
 
    

Thank you for taking time to look at this.  We feel that CIFS/ZFS is going
to be a big part of future, so again... we really appreciate your help.
 
Thanks,
 
Matt
 
 
 
 
-----Original Message-----
From: Afshin.Ardakani at Sun.COM [mailto:Afshin.Ardakani at Sun.COM]
Sent: Friday, September 12, 2008 2:01 PM
To: Burger, Matthew Ryan
Cc: Tim.Thomas at Sun.COM; Eoin Barry; linda kateley;
cifs-discuss at opensolaris.org; Wade, Joseph B;
storage-discuss at opensolaris.org
Subject: Re: [cifs-discuss] [storage-discuss] [Fwd: CIFS Server Joining
      

IU's
    

ADS]
 
Please run the following script and see if it complains:
 
http://opensolaris.org/os/project/cifs-server/files/cifs-chkcfg.sh
 
Please run the following script and send us the output:
 
http://opensolaris.org/os/project/cifs-server/files/cifs-gendiag.sh
 
Afshin
 
Burger, Matthew Ryan wrote:
      

I did, indeed, sync the clocks
 
 
 
From: Tim.Thomas at Sun.COM [mailto:Tim.Thomas at Sun.COM]
Sent: Friday, September 12, 2008 10:39 AM
To: Eoin Barry
Cc: linda kateley; cifs-discuss at opensolaris.org;
storage-discuss at opensolaris.org
Subject: Re: [cifs-discuss] [storage-discuss] [Fwd: CIFS Server Joining
        

IU's
      

ADS]
 
 
 
Did you sync the clocks . See step 3 in the procedure described here:
http://blogs.sun.com/timthomas/en_GB/category/OpenSolaris
 
Eoin Barry said the following :
 
copying the cifs-discuss alias to get their input...
 
linda kateley wrote:
 
can i get a little help on this?
 
 
 
  _____
 
 
 
 
Subject:
 
CIFS Server Joining IU's ADS
 
 
From:
 
"Burger, Matthew Ryan"   <mailto:maburger at indiana.edu>
<mailto:maburger at indiana.edu>
        

 <mailto:maburger at indiana.edu> <maburger at indiana.edu>
      

Date:
 
Fri, 12 Sep 2008 09:30:51 -0400
 
 
To:
 
  <mailto:Linda.Kateley at Sun.com> <mailto:Linda.Kateley at Sun.com>
<mailto:Linda.Kateley at Sun.com> "Linda.Kateley at Sun.com"
 <mailto:Linda.Kateley at sun.com> <mailto:Linda.Kateley at sun.com>
<mailto:Linda.Kateley at sun.com> <Linda.Kateley at sun.com>
 
 
 
 
To:
 
  <mailto:Linda.Kateley at Sun.com> <mailto:Linda.Kateley at Sun.com>
<mailto:Linda.Kateley at Sun.com> "Linda.Kateley at Sun.com"
 <mailto:Linda.Kateley at sun.com> <mailto:Linda.Kateley at sun.com>
<mailto:Linda.Kateley at sun.com> <Linda.Kateley at sun.com>
 
 
CC:
 
"Wade, Joseph B"   <mailto:jwade1 at iupui.edu> <mailto:jwade1 at iupui.edu>
<mailto:jwade1 at iupui.edu> <jwade1 at iupui.edu>
 
 
 
 
 
Hello,
 
 
 
I had a conversation with you yesterday and would be very interested in
getting CIFS running on IU's Active Directory.
 
 
 
This is basically what I get every time I try to join the domain:
 
 
 
bash-3.2# smbadm join -u maburger ads.iu.edu
 
This operation requires that the service be restarted.
 
Would you like to continue ? [no]: yes
 
Enter domain password:
 
Joining 'ads.iu.edu' ... this may take a minute ...
 
failed to join domain 'ads.iu.edu' (LOGON_FAILURE)
 
 
 
I have set the krb5.conf and the nsswitch.conf files, as well as added
        

the
    

domain to the resolv.conf.
 
 
 
Any ideas and/or help would be greatly appreciated.
 
 
 
Thanks,
 
 
Matthew Burger
 
maburger at iupui.edu
 
317-491-6429
 
 
 
 
  _____
 
 
 
 
_______________________________________________
storage-discuss mailing list
storage-discuss at opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/storage-discuss
 
 
 
 
 
  _____
 
 
 
 
_______________________________________________
cifs-discuss mailing list
cifs-discuss at opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
 
 
 
 
------------------------------------------------------------------------
 
_______________________________________________
cifs-discuss mailing list
cifs-discuss at opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
        

 
_______________________________________________
cifs-discuss mailing list
cifs-discuss at opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
  

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.opensolaris.org/pipermail/cifs-discuss/attachments/20080912/cc05ff92/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3084 bytes
Desc: not available
URL: <http://mail.opensolaris.org/pipermail/cifs-discuss/attachments/20080912/cc05ff92/attachment.bin>

More information about the cifs-discuss mailing list