CIFS

Working around CIFS/Kerberos case sensitivity bug in 2.2 and 3.0

There is a known bug in the Kerberos package that breaks ticketing in Nexenta if your domain name (in the case of Active Directory users) is mixed case or all upper case. Because Kerberos requires all lower case, this causes ticket errors that can be hard to track down.

This document will outline how to work around the problem until OpenSolaris developers fix it permanently.

Make sure you have already joined the domain via NMV, then proceed with this document.

Here are the steps required to work around this problem:

From NMC, run:

  • option expert_mode=1 -s
  • !bash

Answer "y" to the question to get to a true bash shell.

Required repository packages: sunwkdc sunwlldap

Make sure both of these are using snv_134 or better from the OVN. Run these from a bash shell (not NMC):

  • apt-get install sunwkdcu sunwlldap
  • kclient -T ms_ad

Then you have to fix idmap's domain name entry:

  • svccfg -s idmap setprop config/domain_name = astring: domainname.ext (enter the domain name in lowercase here)

  • svcadm refresh idmap

Verify that your /etc/krb5/krb5.keytab looks something like this:

klist -k output

8 host/hostname.domain.local@DOMAIN.LOCAL
8 host/hostname.domain.local@DOMAIN.LOCAL
8 host/hostname.domain.local@DOMAIN.LOCAL
8 host/hostname.domain.local@DOMAIN.LOCAL
8 nfs/hostname.domain.local@DOMAIN.LOCAL
8 nfs/hostname.domain.local@DOMAIN.LOCAL
8 nfs/hostname.domain.local@DOMAIN.LOCAL
8 nfs/hostname.domain.local@DOMAIN.LOCAL
8 HTTP/hostname.domain.local@DOMAIN.LOCAL
8 HTTP/hostname.domain.local@DOMAIN.LOCAL
8 HTTP/hostname.domain.local@DOMAIN.LOCAL
8 HTTP/hostname.domain.local@DOMAIN.LOCAL
8 root/hostname.domain.local@DOMAIN.LOCAL
8 root/hostname.domain.local@DOMAIN.LOCAL
8 root/hostname.domain.local@DOMAIN.LOCAL
8 root/hostname.domain.local@DOMAIN.LOCAL
8 cifs/hostname.domain.local@DOMAIN.LOCAL
8 cifs/hostname.domain.local@DOMAIN.LOCAL
8 cifs/hostname.domain.local@DOMAIN.LOCAL
8 cifs/hostname.domain.local@DOMAIN.LOCAL
8 HOSTNAME$@DOMAIN.LOCAL
8 HOSTNAME$@DOMAIN.LOCAL
8 HOSTNAME$@DOMAIN.LOCAL
8 HOSTNAME$@DOMAIN.LOCAL

As long as everything in your FQDN before the @REALM (in this case @DOMAIN.LOCAL) is lowercase, this should fix your CIFS shares, provided the problem is caused by a mixed-case or all-uppercase domain name.
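
One way to run that check mechanically instead of reading the listing by eye, as an added example that is not part of the original document. The function names and the sample listing are constructed for illustration, and skipping machine-account entries (HOSTNAME$@REALM) is an assumption based on the listing above.

```shell
#!/bin/sh
# Added example: flag keytab principals whose host part (the FQDN between
# "service/" and "@REALM") is not all lowercase.
# Reads `klist -k` output on stdin, prints each offending principal once,
# and returns 1 if any were found, 0 otherwise.
check_keytab_case() {
    awk '
    {
        princ = $NF
        slash = index(princ, "/")
        at = index(princ, "@")
        # Header lines and machine-account entries (HOSTNAME$@REALM) have no
        # service/fqdn@REALM shape and are skipped (assumption, see lead-in).
        if (slash == 0 || at == 0 || at < slash) next
        host = substr(princ, slash + 1, at - slash - 1)
        # The service name (e.g. HTTP) and the realm are not checked;
        # only the FQDN must be lowercase.
        if (host != tolower(host) && !(princ in seen)) {
            seen[princ] = 1
            print princ
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample listing (not real output): one cifs principal was
# created with a mixed-case FQDN, once per encryption type.
sample_keytab_listing() {
    cat <<'EOF'
Keytab name: FILE:/etc/krb5/krb5.keytab
KVNO Principal
---- ----------------------------------------
   8 host/hostname.domain.local@DOMAIN.LOCAL
   8 HTTP/hostname.domain.local@DOMAIN.LOCAL
   8 cifs/Hostname.Domain.Local@DOMAIN.LOCAL
   8 cifs/Hostname.Domain.Local@DOMAIN.LOCAL
   8 HOSTNAME$@DOMAIN.LOCAL
EOF
}

# Demo on the constructed sample. On a real system: klist -k | check_keytab_case
sample_keytab_listing | check_keytab_case || echo "mixed-case host part found" >&2
```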
