Unable to map AD-enabled NSS volume using AD user

  • 7017285
  • 22-Feb-2016
  • 19-Apr-2016

Environment

Novell Open Enterprise Server 2015

Situation

Unable to map AD-enabled NSS volume using AD user
Error: "Server not found in Kerberos database"

Resolution

1) Verify the computer object was added to AD when the OES2015 server joined the AD Domain
 
2) Verify the volume is AD-enabled
Run "nss /volumes" at a command line and verify that it shows "AD Enabled"
3) Verify nitconfig settings
Run "nitconfig get" at a command line and verify these settings:
 - ad-gc-server=<IP_of_AD_Domain_Controller>
 - ad-joined-domain=ADDOMAIN.COM
 - ad-mode=yes
4) Verify User's rights / Domain Admins membership
Run "nitconfig get" and get the value of ad-supervisor-group.  Members of this AD group have supervisor rights to the AD-enabled volumes on the OES2015 server.  Before other users can access the NSS volumes, they will need to have rights assigned using NFARM, NURM, or the rights command on the OES2015 server.
 
NURM transfers assigned rights.  It does not transfer rights inherited from groups and eDirectory objects.
5) Verify that reverse DNS lookups for the OES2015 server's IP address return the AD domain.
"nslookup 192.168.1.2" should return oes-server.addomain.com
6) Use the DNS name that matches the computer name and AD domain (i.e. oes-server.addomain.com)
Get the exact computer name from "computers" in AD.  The IP address or any other name will not allow you to connect with an AD user.  You can connect using just the computer name, if the AD domain is in the workstation's DNS search list and is the first one containing the computer name.
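
The script below is an added example, not part of the original TID. It combines the checks from steps 3, 5 and 6. It assumes "nitconfig get" prints key=value lines as listed in step 3 and that "nslookup <ip>" prints a "name = <fqdn>." line; the function names and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the TID). Assumes `nitconfig get` prints key=value
# lines as in step 3 and that `nslookup <ip>` prints "... name = <fqdn>."

lower() { tr '[:upper:]' '[:lower:]'; }

# nit_value KEY: print KEY's value from key=value lines on stdin.
nit_value() {
    sed -n "s/^[[:space:]-]*$1[[:space:]]*=[[:space:]]*//p" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# ptr_name: print the PTR name from nslookup output on stdin, trailing dot removed.
ptr_name() { sed -n 's/.*name = \(.*[^.]\)\.*$/\1/p' | head -n 1; }

# check_ad_naming CONFIG NSLOOKUP_OUTPUT CONNECT_NAME
# Prints one line per failed check; returns 0 only when every check passes.
check_ad_naming() {
    rc=0
    domain=$(printf '%s\n' "$1" | nit_value ad-joined-domain | lower)
    mode=$(printf '%s\n' "$1" | nit_value ad-mode | lower)
    gc=$(printf '%s\n' "$1" | nit_value ad-gc-server)
    ptr=$(printf '%s\n' "$2" | ptr_name | lower)
    name=$(printf '%s\n' "$3" | lower)

    [ "$mode" = yes ] || { echo "ad-mode is '$mode', expected yes"; rc=1; }
    [ -n "$gc" ] || { echo "ad-gc-server is not set"; rc=1; }
    [ -n "$domain" ] || { echo "ad-joined-domain is not set"; rc=1; }
    # Step 5: the reverse lookup must return a host inside the AD domain.
    case "$ptr" in
        ?*."$domain") ;;
        *) echo "reverse DNS gave '$ptr', not a host in '$domain'"; rc=1 ;;
    esac
    # Step 6: connect with that FQDN, or the bare computer name (which then
    # depends on the workstation's DNS search list). IPs and aliases fail.
    if [ "$name" != "$ptr" ] && [ "$name" != "${ptr%%.*}" ]; then
        echo "connect name '$name' does not match '$ptr'"; rc=1
    fi
    return $rc
}

# Constructed sample input using the names from this TID.
SAMPLE_CFG='ad-gc-server=192.168.1.10
ad-joined-domain=ADDOMAIN.COM
ad-mode=yes'
SAMPLE_PTR='2.1.168.192.in-addr.arpa name = oes-server.addomain.com.'
check_ad_naming "$SAMPLE_CFG" "$SAMPLE_PTR" "192.168.1.2" || true
```

On the OES2015 server, the live equivalent is: check_ad_naming "$(nitconfig get)" "$(nslookup 192.168.1.2)" oes-server.addomain.com. The computer object from step 1 still has to be confirmed in AD itself.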