Has anybody managed to get the CIFS service joined to a Windows 2008 domain? I'm trying, to no avail. It fails with the rather obscure (INVALID_PARAMETER) error.
I've tried relaxing several of the security options on the Default Domain Controller GP (LDAP server signing requirements, secure channel signing/encryption and LAN Manager authentication level), but it hasn't helped. DNS is good, as far as I can tell (served from Bind, sites and subnets configured appropriately). For what it's worth, the same machine has joined the domain using the procedure specified here: http://www.sun.com/bigadmin/features/articles/kerberos_s10.jsp and I can log on via Kerberos fine. getent passwd <user> also works for an AD user. I tried the domain join using the smbadm join command, and then, worrying that the pre-existing account might have got in the way, deleted that, to no avail. Can anyone suggest how I can debug this? Also, on a related note - I'm fairly new to OpenSolaris having spent the last few years as an AD/Exchange admin. Most big shops are going to be rather reluctant to globally relax policies as recommended in the CIFS admin guide, and even worse, the guide specifically mentions requiring domain admin privileges to join the domain. I'm lucky enough to have domain admin rights at the moment, but I would expect that what automated build we end up constructing will want to join the domain using an account with minimal privileges on a particular OU. Can I suggest that the software and documentation be tweaked to allow the user to pre-create a computer account in a particular OU, or specify an OU to create in? Cheers, Paul _______________________________________________ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
