On 2017-07-21 07:10, Lawrence Giam wrote:
Hi All,
I have just setup an OmniOS r151014 and join it to an AD, after that I
keep seeing alot of this error:
idmap[544]: GSSAPI Error: Unspecified GSS failure. Minor code may
provide more information (Unsupported key table format version number)
I tried to follow this post
http://solariscat.blogspot.my/2015/01/solaris-11-samba-zfs-configuration-with.html
but I got an Aborted message.
C:\temp>ktpass -princ host/mysan3.domain.internal@DOMAIN.INTERNAL
-mapuser domain\serviceuser -crypto All -pass XXXXXXX -ptype
KRB5_NT_PRINCIPAL -out mysan3.keytab
Targeting domain controller: mydc01.domain.internal
Using legacy password setting method
Successfully mapped host/mysan3.domain.internal to serviceuser.
Aborted.
No mysan3.keytab file was generated.
Any one got any idea how to solve this or is it ok to ignore?
Thanks & Regards.
I'm not sure but the "Using legacy password setting method" seems to
indicate a SNAFU between how ktpass is processing the password and what
AD is expecting. I don't know enough about Windows and AD to know where
to even begin addressing that.
However, I can chime in with what I do for my Solaris 11 systems at
work:
I create a machine account (ex. COMPUTERNAME) in AD.
C:\temp> ktpass /princ host/computername.domain....@domain.tld -mapuser
DOMAIN\COMPUTERNAME$ +rndPass /crypto All /out computername.keytab
I personally like having the systems show up in AD as machines instead
of users. And with the +rndPass it's one less password I have to know
and worry about.
-Russ
_______________________________________________
OmniOS-discuss mailing list
OmniOS-discuss@lists.omniti.com
http://lists.omniti.com/mailman/listinfo/omnios-discuss
