Project

General

Profile

Bug #5316

allow smbadm join to use RPC

Added by Gordon Ross almost 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
-
Start date:
2014-11-13
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage

Description

By default, "smbadm join" uses Kerberos, which requires editing /etc/krb5/krb5.conf correctly (among other things). Even when one manages to get that right, the idmap service and the smb service may end up using a different AD server, which can cause problems like stale or missing machine account data.

To get around all of this (at least temporarily) it's often simpler to use RPC-style join, which doesn't have any of those problems.
To use RPC-style join, set this idmap parameter:

  svccfg -s system/idmap setprop config/use_ads = boolean: false

One caveat however: With RPC-style join, idmap does not talk to AD, so IDMU mode is precluded with this configuration.

History

#1

Updated by Electric Monk almost 5 years ago

  • % Done changed from 0 to 100
  • Status changed from New to Closed

git commit 1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9f

commit  1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9f
Author: Gordon Ross <gwr@nexenta.com>
Date:   2014-11-18T19:17:36.000Z

    5316 allow smbadm join to use RPC
    Reviewed by: Bayard Bell <bayard.bell@nexenta.com>
    Reviewed by: Dan McDonald <danmcd@nexenta.com>
    Reviewed by: Thomas Keiser <thomas.keiser@nexenta.com>
    Reviewed by: Matthew Ahrens <mahrens@delphix.com>
    Approved by: Robert Mustacchi <rm@joyent.com>

Also available in: Atom PDF