Solaris 11 AD Integration - cannot find domain controller

(OP)
I am working an interesting problem here - hopefully someone can help.

I cannot get my Solaris 11 host to join an AD domain.  Here is what I have thus far:

First, I am using the following as reference as I try to do this:
Oracle.com
Solaris 11: Join AD Domain for Samba

Next, in my troubleshooting, I am getting an error message of smbrdr_exchange[115]: failed (INVALID_PARAMETER)

Thing is, I don't know what parameter is invalid and don't know where to go from here....


Here is my /etc/krb5/krb5.conf:

CODE

[libdefaults]
#        default_realm = ___default_realm___
default_realm = PATRIOTS.DDS.NET

[realms]
#        ___default_realm___ = {
#                kdc = ___master_kdc___
#                kdc = ___slave_kdc1___
#                kdc = ___slave_kdc2___
#                kdc = ___slave_kdcN___
#                admin_server = ___master_kdc___
#        }
PATRIOTS.DDS.NET = {

kdc = washington.patriots.dds.net
admin_server = washington.patriots.dds.net
kpasswd_server = washington.patriots.dds.net
kpasswd_protocol = SET_CHANGE
}

[domain_realm]
#       ___domainname___ = ___default_realm___
.patriots.dds.net = PATRIOTS.DDS.NET

[logging]
        default = FILE:/var/krb5/kdc.log
        kdc = FILE:/var/krb5/kdc.log
        kdc_rotate = {

# How often to rotate kdc.log. Logs will get rotated no more
# often than the period, and less often if the KDC is not used
# frequently.

                period = 1d

# how many versions of kdc.log to keep around (kdc.log.0, kdc.log.1, ...)

                versions = 10
        }

[appdefaults]
        kinit = {
                renewable = true
                forwardable= true
        }


My /etc/resolv.conf

CODE

domain  patriots.dds.net
nameserver  10.14.1.10

My /etc/nsswitch.conf

CODE

hosts:      files dns mdns
ipnodes:   files dns mdns

Then, I do the following

CODE

svcadm enable -r smb/server
smbadm join -u areed patriots.dds.net

After joining patriots.dds.net the smb service will be restarted automatically.
Would you like to continue? [no]: yes
Enter domain password:
Joining patriots.dds.net ... this may take a minute ...
failed to find any domain controllers for patriots.dds.net

tail /var/adm/messages

CODE

May  5 11:55:27 robotics smbd[1215]: [ID 702911 daemon.notice] service shutting down
May  5 11:55:27 robotics smbd[1215]: [ID 702911 daemon.notice] service terminated
May  5 11:55:46 robotics smbd[1246]: [ID 702911 daemon.notice] service initialized
May  5 11:56:38 robotics smbd[1246]: [ID 702911 daemon.error] smbrdr_exchange[115]: failed (INVALID_PARAMETER)
May  5 11:56:38 robotics last message repeated 3 times
May  5 11:56:38 robotics smbd[1246]: [ID 702911 daemon.error] cannot locate domain controller for patriots.dds.net


I am at a loss here...can anyone shed some light on this?



 

-----

Allan D. Reed
http://www.linkedin.com/in/adreed
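
A triage sketch for the /var/adm/messages excerpt in the post above, added here as an example and not part of the original thread: it totals smbd daemon.error messages per process, folding syslog's "last message repeated N times" lines into the count, and reports how many smbrdr_exchange failures came before the "cannot locate domain controller" error. The function names and the AWK variable are assumptions; the sample lines are copied from the post.

```shell
#!/bin/sh
# Added example: summarise smbd errors from Solaris syslog output.
AWK=${AWK:-awk}   # assumption: set AWK=nawk where plain awk lacks POSIX features

# Sample input: four lines taken from the /var/adm/messages excerpt in the post.
sample_log() {
cat <<'EOF'
May  5 11:55:46 robotics smbd[1246]: [ID 702911 daemon.notice] service initialized
May  5 11:56:38 robotics smbd[1246]: [ID 702911 daemon.error] smbrdr_exchange[115]: failed (INVALID_PARAMETER)
May  5 11:56:38 robotics last message repeated 3 times
May  5 11:56:38 robotics smbd[1246]: [ID 702911 daemon.error] cannot locate domain controller for patriots.dds.net
EOF
}

# smbd_error_summary [FILE]  (reads stdin when FILE is omitted)
# Prints "<pid> <count> <message>" per distinct smbd daemon.error message,
# in first-seen order. A repeat line adds N to the message just before it.
smbd_error_summary() {
    "$AWK" '
    $5 == "last" && $6 == "message" && $7 == "repeated" {
        if (prev != "") count[prev] += $8
        next
    }
    { prev = "" }   # a repeat line only refers to the line directly above it
    $5 ~ /^smbd\[[0-9]+\]:$/ && $8 == "daemon.error]" {
        pid = $5; gsub(/[^0-9]/, "", pid)
        msg = $9
        for (i = 10; i <= NF; i++) msg = msg " " $i
        prev = pid SUBSEP msg
        if (!(prev in count)) order[++n] = prev
        count[prev]++
    }
    END {
        for (i = 1; i <= n; i++) {
            split(order[i], p, SUBSEP)
            print p[1], count[order[i]], p[2]
        }
    }' "${1:--}"
}

# Prints the number of smbrdr_exchange failures a process logged before it
# gave up locating a domain controller; exit status 1 if that pattern is absent.
exchange_failures_before_dc_error() {
    smbd_error_summary "$1" | "$AWK" '
        $3 ~ /^smbrdr_exchange/ { ex[$1] += $2 }
        /cannot locate domain controller/ && ex[$1] > 0 { print ex[$1]; found = 1 }
        END { exit (found ? 0 : 1) }'
}

sample_log | smbd_error_summary
```

On the sample, the one logged smbrdr_exchange line plus the three repeats gives a count of 4 for smbd process 1246.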
 

RE: Solaris 11 AD Integration - cannot find domain controller

(OP)
Nobody replied, but I was able to make some progress and I am going to post it here in case someone out there runs into the same issue.

The issue stems from Server 2008 and NTLMv2. By default, the domain policy is to only use NTLMv2. Solaris 11 is still only using NTLM (a bit obsolete, wouldn't you say?) so you have to set your domain controller to accept both NTLM and NTLMv2. You can find that under the GPO for "Default Domain Controller Policy" in the network security settings.

Also, you want to set the LAN Manager authentication level to two to allow it to bind properly. Here is the command:

CODE

# sharectl set -p lmauth_level=2 smb


There is a great deal more info on this website: Joining a Windows 2008 Domain

Now, to just get it to work for logins..... getting closer!

-----

Allan D. Reed
http://www.linkedin.com/in/adreed
 

RE: Solaris 11 AD Integration - cannot find domain controller

Might want to post your smb.conf file too.  Suspect you don't have "password server = " defined, and "use kerberos = yes"
 

RE: Solaris 11 AD Integration - cannot find domain controller

(OP)
Hi Chris,

Thanks for the reply.  In Solaris 11 Express, CIFS is now a kernel mode driver, meaning no Samba and thus no smb.conf.

Using the fix I described above, I was able to join the box to the AD domain.  Now, I am working on authenticating users who log into the Solaris 11 box against the same AD server.

 

-----

Allan D. Reed
http://www.linkedin.com/in/adreed
 
