Managing SMB File Sharing and Windows Interoperability in Oracle Solaris 11.2


Updated: July 2014
 
 

Cannot Join a Windows Domain

To authenticate users from a Windows domain, the Oracle Solaris SMB service must locate a domain controller, authenticate, and then add a computer account to the domain.

Users from the domain are not able to establish a connection to the Oracle Solaris SMB service unless this process succeeds.

Check the DNS Configuration

The Oracle Solaris SMB service must be running for the smbadm join command to succeed.

If Active Directory (AD) is configured, the Oracle Solaris SMB service attempts to locate the domain controller by means of DNS. If the service cannot locate the domain controller, you must use SMF to configure DNS properly.

The following configuration issues might prevent you from configuring the Oracle Solaris SMB service in domain mode:

  • Missing DNS domain. Ensure that the fully qualified AD domain name has been added to the search list or as the local domain.

    If your configuration is incorrect, you might see the Failed to join domain domain-name (INVALID_PARAMETER) error when attempting to join the domain.

  • Missing DNS server. Ensure that the IP address of the AD DNS server is added as the name server.

    If your configuration is incorrect, you might see the Failed to find any domain controllers error when attempting to join the domain.

  • DNS host lookup not used. Ensure that DNS is used for host lookup.

Use the svccfg command to update properties for system/name-service/switch and network/dns/client. See the svccfg(1M) man page.
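A pre-flight check for the three DNS issues listed above, added here as an illustration and not part of Oracle's documentation. The function names check_join_dns and lc are hypothetical, and the check assumes that /etc/resolv.conf and /etc/nsswitch.conf reflect the SMF-managed name-service configuration.

```shell
#!/bin/sh
# Added example: checks the three DNS prerequisites listed above before a join.
# Usage: check_join_dns AD_DOMAIN AD_DNS_IP [RESOLV_CONF] [NSSWITCH_CONF]
#   e.g. check_join_dns corp.example.com 192.0.2.10   (constructed sample values)
# Prints one line per problem; returns the problem count, or 4 if a file is unreadable.
lc() { printf '%s' "$1" | tr 'A-Z\t' 'a-z '; }   # lower-case, tabs to spaces

check_join_dns() {
    ad_domain=$(lc "${1%.}")
    ad_dns=$(lc "$2")
    # Assumption: these files mirror the SMF name-service properties.
    resolv=${3:-/etc/resolv.conf}
    nsswitch=${4:-/etc/nsswitch.conf}
    have_domain=no; have_server=no; have_dns=no; problems=0

    if [ ! -r "$resolv" ] || [ ! -r "$nsswitch" ]; then
        echo "cannot read $resolv or $nsswitch"
        return 4
    fi
    while read -r key rest; do
        rest=" $(lc "${rest%%[#;]*}") "          # strip trailing comment
        case $key in
        domain|search)
            case $rest in *" $ad_domain "*|*" $ad_domain. "*) have_domain=yes ;; esac ;;
        nameserver)
            case $rest in *" $ad_dns "*) have_server=yes ;; esac ;;
        esac
    done < "$resolv"
    while read -r key rest; do
        rest=" $(lc "${rest%%#*}") "
        if [ "$key" = "hosts:" ]; then
            case $rest in *" dns "*) have_dns=yes ;; esac
        fi
    done < "$nsswitch"

    if [ "$have_domain" = no ]; then
        echo "Missing DNS domain: $ad_domain is not the local domain or in the search list"
        problems=$((problems + 1))
    fi
    if [ "$have_server" = no ]; then
        echo "Missing DNS server: $ad_dns is not configured as a name server"
        problems=$((problems + 1))
    fi
    if [ "$have_dns" = no ]; then
        echo "DNS host lookup not used: dns is not listed for hosts lookup"
        problems=$((problems + 1))
    fi
    return "$problems"
}
```

A nonzero return names which of the three conditions to correct with svccfg before retrying the join.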

Ensure That You Specify the Correct Password for Your Domain User

The user that you specify on the smbadm join command line must have the correct password and the authority to create computer accounts.

The following error message appears if you supply the wrong password for the administrative user:

Failed to find any domain controllers for domain-name

Ensure the Firewall Software Does Not Filter Out Required Ports

Some firewall software might filter out certain ports, which prevents an Oracle Solaris SMB server from successfully joining a domain.

For example, the following error message appears if the Kerberos Change & Set Password port is filtered out:

smbd[446]: [daemon.error] smbns_kpasswd: KPASSWD protocol exchange failed ...

The following network protocols are used by the smbd service during a domain join operation, and must be available for the Oracle Solaris SMB service:

Protocol                                          Port
Domain Name Service (DNS)                         53
Kerberos V Authentication                         88
Kerberos V Change & Set Password (SET_CHANGE)     464
Kerberos V Change & Set Password (RPCSEC_GSS)     749
LDAP                                              389
NetBIOS Datagram                                  138
NetBIOS Name Service                              137
SMB-over-NetBIOS                                  139
SMB-over-TCP                                      445

Port assignment settings appear in the /etc/services file. For more information, see the services(4) man page.