allow smbadm join to use RPC
By default, "smbadm join" uses Kerberos, which requires editing /etc/krb5/krb5.conf correctly (among other things). Even when one manages to get that right, the idmap service and the smb service may end up using a different AD server, which can cause problems like stale or missing machine account data.
To get around all of this (at least temporarily) it's often simpler to use RPC-style join, which doesn't have any of those problems.
To use RPC-style join, set this idmap parameter:
svccfg -s system/idmap setprop config/use_ads = boolean: false
One caveat however: With RPC-style join, idmap does not talk to AD, so IDMU mode is precluded with this configuration.
Updated by Electric Monk over 5 years ago
- % Done changed from 0 to 100
- Status changed from New to Closed
commit 1ed6b69a5ca1ca3ee5e9a4931f74e2237c7e1c9f Author: Gordon Ross <email@example.com> Date: 2014-11-18T19:17:36.000Z 5316 allow smbadm join to use RPC Reviewed by: Bayard Bell <firstname.lastname@example.org> Reviewed by: Dan McDonald <email@example.com> Reviewed by: Thomas Keiser <firstname.lastname@example.org> Reviewed by: Matthew Ahrens <email@example.com> Approved by: Robert Mustacchi <firstname.lastname@example.org>