You might also want to try doing ntpdate -u *domain server* and using the domain server as your nameserver in resolv.conf.
For a domain with several AD controllers, I've also made a small dns server that returnes a consistent single address for the domain; as well as directing some variants of the domai there [domian.com.domain.com; domain.domain.com ...]. It fixed a lot of mysterious domain join faiures I had. You can also track what exactly thy are doing when they look for servers for the domain, and add entries as needed. -Lucas Van Tol Gordon Ross <[email protected]> wrote: On Sat, Aug 25, 2012 at 8:55 AM, Ryan John <[email protected]> wrote: > Hi, > > I’m trying to join an AD domain, but can’t. > This used to work with snv_134, and I’m using the same config. > I’m not a top level domain admin, just an OU admin. > > In snv_134, I had to set lmauthlevel to 2, but that apparently doesn’t work > anymore. > > If I set lmauthlevel=2, I simply get: > > ~# smbadm join -u john domain.example.com > After joining domain.example.com the smb service will be restarted > automatically. > Would you like to continue? [no]: yes > Enter domain password: > Joining domain.example.com... this may take a minute ... > failed to join domain.example.com: LOGON_FAILURE > Please refer to the system log for more information. > > If I set lmauthlevel=4, I get: This (4) is the only level that works reliably now. > ~# smbadm join -u john domain.example.com > After joining domain.example.com the smb service will be restarted > automatically. > Would you like to continue? [no]: yes > Enter domain password: > Joining domain.example.com ... this may take a minute ... > failed to join domain.example.com: UNSUCCESSFUL > Please refer to the system log for more information. > > And in the log, I see: > smbd[12965]: [ID 972153 daemon.error] smbns_ksetpwd: KPASSWD protocol > exchange failed (Cannot contact any KDC for requested realm) > smbd[12965]: [ID 702911 daemon.notice] Failed to set machine password. > smbd[12965]: [ID 871254 daemon.error] smbd: failed joining domain.example.com > (UNSUCCESSFUL) What does nsswitch.conf have? Can you resolve the kdc name "bare"? (no domain part) -- Gordon Ross <[email protected]> Nexenta Systems, Inc. www.nexenta.com Enterprise class storage for everyone _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss _______________________________________________ OpenIndiana-discuss mailing list [email protected] http://openindiana.org/mailman/listinfo/openindiana-discuss
