Hi Jordon, -----Original Message----- From: Jordan Brown [mailto:jordan.br...@oracle.com] Sent: Wed 5/19/2010 9:03 PM To: Ryan John Cc: cifs-discuss@opensolaris.org Subject: Re: [cifs-discuss] URGENT no users can access CIFS John Ryan wrote: >> I got around the initial problem, but I'd still be very interested to >> find out what went wrong. >> To get out of trouble, I first rebooted, and it seemed to work for a >> while, but then after about an hour, all connection attemps failed, >> and the logs were ful of idmap errors. >> >> I then stopped idmap, renameded the idmap.db in /var/run/idmap, reset >> my name mapping rules, and rebooted. >> I didn't see any more idmap errors in the log. > > Some of the CIFS folks can probably chime in on what > CANT_ACCESS_DOMAIN_INFO really means. > > For idmap errors, I would look at /var/svc/log/system-idmap:default.log > and at /var/adm/messages.
The only errors I got in messages were: (lots of) May 19 13:45:03 bs-ssvr05 smbd[553]: [ID 266262 daemon.error] NT Authority\Anonymous: idmap failed May 19 13:46:47 bs-ssvr05 smbd[553]: [ID 266262 daemon.error] D\ryanj: idmap failed May 19 13:47:28 bs-ssvr05 smbd[553]: [ID 266262 daemon.error] D\ryanj: idmap failed > > I would also enable idmap debugging by: > # svccfg -s idmap setprop config/debug = boolean: true > # svcadm refresh idmap This is already like that. Again there was nothing unusual in /var/svc/log/system-idmap:default.log > If the SMB server is having trouble talking to the domain controller, it > is no surprise that idmap is also having trouble. There was no problem contacting the domain controller. I managed to rejoin the domain several times. There was an error contacting the domain in /var/svc/log/system-idmap:default.log.0, but there are no timestamps in this file for 7 days, so I don't know when it happened. Further digging, and I came across Bug 6907210 and wondered if I had hit this. The reason is, the afternoon before, we had some changes to our LDAP schema, so I changed some idmap name rules. The "idmap failed" errors started at 15:00 that very afternoon. I could only fix the problem by deleting and recreating the idmap database. Regards John >> >> Regards >> John >> >> >> >> >> Ryan John wrote: >>> >>> Hi, >>> >>> I have an urgent problem. >>> >>> None of our users can access our fileservers. >>> >>> I get this in the error log: >>> >>> smbd[12228]: [ID 653746 daemon.info] SmbLogon[D\ryanj]: >>> CANT_ACCESS_DOMAIN_INFO >>> >>> This was working fine until yesterday. >>> >>> I've tried rejoining the domain, which succeeded and restarting idmap >>> >>> What else can I do? >>> >>> I attach the output from gendiag >>> >>> Thanks in advance >>> >>> John Ryan >>> >>> ------------------------------------------------------------------------ >>> >>> _______________________________________________ >>> cifs-discuss mailing list >>> cifs-discuss@opensolaris.org >>> http://mail.opensolaris.org/mailman/listinfo/cifs-discuss >> >> _______________________________________________ >> cifs-discuss mailing list >> cifs-discuss@opensolaris.org >> http://mail.opensolaris.org/mailman/listinfo/cifs-discuss >> _______________________________________________ cifs-discuss mailing list cifs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/cifs-discuss