+--------------------------------------------------------------------------------+
+                      Active Directory Status @1679655274                       +
+--------------------------------------------------------------------------------+
Active Directory is ENABLED
debug finished in 0 seconds for Active Directory Status


+--------------------------------------------------------------------------------+
+                    Active Directory Run Status @1679655274                     +
+--------------------------------------------------------------------------------+
Unit winbindd.service could not be found.
+--------------------------------------------------------------------------------+
+                                   @1679655274                                  +
+--------------------------------------------------------------------------------+
+--------------------------------------------------------------------------------+
+                         SMB Service Status @1679655274                         +
+--------------------------------------------------------------------------------+
SMB will not start on boot.
debug finished in 0 seconds for SMB Service Status


+--------------------------------------------------------------------------------+
+                     Active Directory Settings @1679655274                      +
+--------------------------------------------------------------------------------+
{
  "id": 1,
  "domainname": "AESIR.COM",
  "bindname": "jahesus@aesir.com",
  "verbose_logging": true,
  "allow_trusted_doms": false,
  "use_default_domain": false,
  "allow_dns_updates": true,
  "disable_freenas_cache": false,
  "restrict_pam": false,
  "site": null,
  "timeout": 60,
  "dns_timeout": 10,
  "nss_info": null,
  "enable": true,
  "kerberos_principal": "",
  "createcomputer": "",
  "kerberos_realm": 1,
  "netbiosname": "truenas",
  "netbiosalias": []
}
debug finished in 0 seconds for Active Directory Settings


+--------------------------------------------------------------------------------+
+                           /etc/krb5.conf @1679655274                           +
+--------------------------------------------------------------------------------+

[appdefaults]
            pam = {
                   forwardable = true
                   ticket_lifetime = 86400
                   renew_lifetime = 86400
            }

[libdefaults]
            dns_lookup_realm = true
            dns_lookup_kdc = true
            ticket_lifetime = 24h
            clockskew = 300
            forwardable = true
            default_realm = AESIR.COM

[domain_realm]
            aesir.com = AESIR.COM
            .aesir.com = AESIR.COM
            AESIR.COM = AESIR.COM
            .AESIR.COM = AESIR.COM

[realms]
            AESIR.COM = {
                   default_domain = AESIR.COM
            }

[logging]
            default = SYSLOG:INFO:LOCAL7
debug finished in 0 seconds for /etc/krb5.conf


+--------------------------------------------------------------------------------+
+                         /etc/nsswitch.conf @1679655274                         +
+--------------------------------------------------------------------------------+

group: files winbind ldap
hosts: files dns mymachines
networks: files
passwd: files winbind ldap
shells: files
services: files
protocols: files
rpc: files
sudoers: files
netgroup: files ldap
debug finished in 0 seconds for /etc/nsswitch.conf


+--------------------------------------------------------------------------------+
+                           /etc/smb4.conf @1679655274                           +
+--------------------------------------------------------------------------------+


[global]
    rpc_daemon:mdssd = disabled
    rpc_server:mdssvc = disabled
    clustering = No
    include = registry
debug finished in 0 seconds for /etc/smb4.conf


+--------------------------------------------------------------------------------+
+                     Kerberos Tickets - 'klist' @1679655274                     +
+--------------------------------------------------------------------------------+
klist: No credentials cache found (filename: /tmp/krb5cc_0)
debug finished in 0 seconds for Kerberos Tickets - 'klist'


+--------------------------------------------------------------------------------+
+                   Kerberos Principals - 'ktutil' @1679655274                   +
+--------------------------------------------------------------------------------+
[]
debug finished in 0 seconds for Kerberos Principals - 'ktutil'


+--------------------------------------------------------------------------------+
+Active Directory Domain Info - 'midclt call activedirectory.domain_info' @1679655274+
+--------------------------------------------------------------------------------+
{
  "LDAP server": "192.168.1.187",
  "LDAP server name": "BaldrDC02.Aesir.com",
  "Realm": "AESIR.COM",
  "Bind Path": "dc=AESIR,dc=COM",
  "LDAP port": 389,
  "Server time": 1679687625,
  "KDC server": "192.168.1.187",
  "Server time offset": 32350,
  "Last machine account password change": 0
}
debug finished in 1 seconds for Active Directory Domain Info - 'midclt call activedirectory.domain_info'


+--------------------------------------------------------------------------------+
+            Active Directory Trust Secret - 'wbinfo -t' @1679655275             +
+--------------------------------------------------------------------------------+
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret
checking the trust secret for domain (null) via RPC calls failed
debug finished in 0 seconds for Active Directory Trust Secret - 'wbinfo -t'


+--------------------------------------------------------------------------------+
+         Active Directory NETLOGON connection - 'wbinfo -P' @1679655275         +
+--------------------------------------------------------------------------------+
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
checking the NETLOGON for domain[] dc connection to "" failed
debug finished in 0 seconds for Active Directory NETLOGON connection - 'wbinfo -P'


+--------------------------------------------------------------------------------+
+           Active Directory trusted domains - 'wbinfo -m' @1679655275           +
+--------------------------------------------------------------------------------+
failed to call wbcListTrusts: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not list trusted domains
debug finished in 0 seconds for Active Directory trusted domains - 'wbinfo -m'


+--------------------------------------------------------------------------------+
+       Active Directory all domains - 'wbinfo --all-domains' @1679655275        +
+--------------------------------------------------------------------------------+
failed to call wbcListTrusts: WBC_ERR_WINBIND_NOT_AVAILABLE
debug finished in 0 seconds for Active Directory all domains - 'wbinfo --all-domains'


+--------------------------------------------------------------------------------+
+        Active Directory own domain - 'wbinfo --own-domain' @1679655275         +
+--------------------------------------------------------------------------------+
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
(null)
debug finished in 0 seconds for Active Directory own domain - 'wbinfo --own-domain'


+--------------------------------------------------------------------------------+
+     Active Directory online status - 'wbinfo --online-status' @1679655275      +
+--------------------------------------------------------------------------------+
failed to call wbcListTrusts: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not show online-status
debug finished in 0 seconds for Active Directory online status - 'wbinfo --online-status'


could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
+--------------------------------------------------------------------------------+
+    Active Directory domain info - 'wbinfo --domain-info=(null)' @1679655275    +
+--------------------------------------------------------------------------------+
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
failed to call wbcDomainInfo: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not get domain info
debug finished in 0 seconds for Active Directory domain info - 'wbinfo --domain-info=(null)'


+--------------------------------------------------------------------------------+
+   Active Directory DC name - 'wbinfo --dsgetdcname="AESIR.COM"' @1679655275    +
+--------------------------------------------------------------------------------+
Could not find dc for "AESIR.COM"
debug finished in 0 seconds for Active Directory DC name - 'wbinfo --dsgetdcname="AESIR.COM"'


could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
+--------------------------------------------------------------------------------+
+        Active Directory DC info - 'wbinfo --dc-info=(null)' @1679655275        +
+--------------------------------------------------------------------------------+
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Could not find dc info (null)
debug finished in 0 seconds for Active Directory DC info - 'wbinfo --dc-info=(null)'


+--------------------------------------------------------------------------------+
+                Active Directory Users - 'wbinfo -u' @1679655275                +
+--------------------------------------------------------------------------------+
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users
+--------------------------------------------------------------------------------+
+               Active Directory Groups - 'wbinfo -g' @1679655275                +
+--------------------------------------------------------------------------------+
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
Error looking up domain groups
debug finished in 0 seconds for Active Directory Groups - 'wbinfo -g'


+--------------------------------------------------------------------------------+
+       Active Directory Join Status net -d 5 -k ads testjoin @1679655275        +
+--------------------------------------------------------------------------------+
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
  tevent: 5
  auth_audit: 5
  auth_json_audit: 5
  kerberos: 5
  drs_repl: 5
  smb2: 5
  smb2_credits: 5
  dsdb_audit: 5
  dsdb_json_audit: 5
  dsdb_password_audit: 5
  dsdb_password_json_audit: 5
  dsdb_transaction_audit: 5
  dsdb_transaction_json_audit: 5
  dsdb_group_audit: 5
  dsdb_group_json_audit: 5
WARNING: The option -k|--kerberos is deprecated!
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
  tevent: 5
  auth_audit: 5
  auth_json_audit: 5
  kerberos: 5
  drs_repl: 5
  smb2: 5
  smb2_credits: 5
  dsdb_audit: 5
  dsdb_json_audit: 5
  dsdb_password_audit: 5
  dsdb_password_json_audit: 5
  dsdb_transaction_audit: 5
  dsdb_transaction_json_audit: 5
  dsdb_group_audit: 5
  dsdb_group_json_audit: 5
Processing section "[global]"
doing parameter rpc_daemon:mdssd = disabled
doing parameter rpc_server:mdssvc = disabled
doing parameter clustering = No
doing parameter include = registry
doing parameter registry shares = yes
process_registry_service: service name global
Processing section "[GLOBAL]"
doing parameter directory mask = 0775
doing parameter netbios aliases = 
doing parameter dns proxy = false
doing parameter server multi channel support = False
doing parameter logging = file
doing parameter ntlm auth = False
doing parameter disable spoolss = true
doing parameter load printers = false
doing parameter printcap name = /dev/null
doing parameter log level = 1 auth_json_audit:3@/var/log/samba4/auth_audit.log
doing parameter winbind request timeout = 2
doing parameter bind interfaces only = True
doing parameter guest account = nobody
doing parameter netbios name = truenas
doing parameter fruit:nfs_aces = false
doing parameter max log size = 5120
doing parameter server min protocol = SMB2_02
doing parameter restrict anonymous = 2
doing parameter create mask = 0775
doing parameter fruit:zero_file_id = false
doing parameter unix charset = UTF-8
doing parameter workgroup = WORKGROUP
doing parameter syslog only = False
lpcfg_do_global_parameter: WARNING: The "syslog only" option is deprecated
doing parameter server string = TrueNAS Server
doing parameter idmap config * : range = 90000001 - 100000000
doing parameter idmap config * : backend = tdb
doing parameter security = ADS
doing parameter winbind enum users = true
doing parameter domain master = False
doing parameter server role = member server
doing parameter winbind cache time = 7200
doing parameter winbind enum groups = true
doing parameter template shell = /bin/sh
doing parameter client ldap sasl wrapping = seal
doing parameter allow trusted domains = false
doing parameter realm = AESIR.COM
doing parameter kerberos method = secrets and keytab
doing parameter preferred master = False
doing parameter winbind max domain connections = 10
doing parameter ads dns update = true
doing parameter template homedir = /var/empty
doing parameter winbind use default domain = false
doing parameter local master = False
pm_process() returned Yes
added interface enp11s0 ip=2605:a601:ada2:1500:dacb:8aff:febf:e2cb bcast= netmask=ffff:ffff:ffff:ffff::
added interface enp11s0 ip=192.168.1.174 bcast=192.168.1.255 netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Registering messaging pointer for type 51 - private_data=(nil)
added interface enp11s0 ip=2605:a601:ada2:1500:dacb:8aff:febf:e2cb bcast= netmask=ffff:ffff:ffff:ffff::
added interface enp11s0 ip=192.168.1.174 bcast=192.168.1.255 netmask=255.255.255.0
ldb: ltdb: tdb(/var/db/system/samba4/private/secrets.ldb): tdb_open_ex: could not open file /var/db/system/samba4/private/secrets.ldb: No such file or directory

ldb: Unable to open tdb '/var/db/system/samba4/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/db/system/samba4/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/db/system/samba4/private/secrets.ldb': No such file or directory
Could not find machine account in secrets database: Failed to fetch machine account password for WORKGROUP from both secrets.ldb (Could not open secrets.ldb) and from /var/db/system/samba4/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Opening cache file at /var/run/samba-lock/gencache.tdb
sitename_fetch: Returning sitename for realm 'AESIR.COM': "Default-First-Site-Name"
ads_dc_name: domain=WORKGROUP
sitename_fetch: Returning sitename for realm 'AESIR.COM': "Default-First-Site-Name"
get_sorted_dc_list: attempting lookup for name AESIR.COM (sitename Default-First-Site-Name)
saf_fetch: Returning "BaldrDC02.Aesir.com" for "AESIR.COM" domain
get_dc_list: preferred server list: "BaldrDC02.Aesir.com, *"
namecache_fetch: name AESIR.COM#1C found.
sitename_fetch: Returning sitename for realm 'AESIR.COM': "Default-First-Site-Name"
namecache_fetch: no entry for BaldrDC02.Aesir.com#20 found.
resolve_hosts: Attempting host lookup for name BaldrDC02.Aesir.com<0x20>
namecache_store: storing 1 address for BaldrDC02.Aesir.com#20: 192.168.1.187
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.1.187 192.168.1.209 
ads_try_connect: sending CLDAP request to 192.168.1.187 (realm: AESIR.COM)
Successfully contacted LDAP server 192.168.1.187
sitename_fetch: Returning sitename for realm 'AESIR.COM': "Default-First-Site-Name"
saf_fetch: Returning "BaldrDC02.Aesir.com" for "AESIR.COM" domain
get_dc_list: preferred server list: "BaldrDC02.Aesir.com, *"
resolve_ads: Attempting to resolve KDCs for AESIR.COM using DNS
sitename_fetch: Returning sitename for realm 'AESIR.COM': "Default-First-Site-Name"
namecache_fetch: name BaldrDC02.Aesir.com#20 found.
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.1.187 192.168.1.209 
saf_fetch: Returning "BaldrDC02.Aesir.com" for "AESIR.COM" domain
get_dc_list: preferred server list: "BaldrDC02.Aesir.com, *"
resolve_ads: Attempting to resolve KDCs for AESIR.COM using DNS
sitename_fetch: Returning sitename for realm 'AESIR.COM': "Default-First-Site-Name"
namecache_fetch: name BaldrDC02.Aesir.com#20 found.
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.1.187 192.168.1.209 
create_local_private_krb5_conf_for_domain: wrote file /var/run/samba-lock/smb_krb5/krb5.conf.WORKGROUP with realm AESIR.COM KDC list:
		kdc = 192.168.1.187
		kdc = 192.168.1.209

ads_dc_name: using server='BALDRDC02.AESIR.COM' IP=192.168.1.187
Join to domain is not valid: NT code 0xfffffff6
return code = -1
debug finished in 0 seconds for Active Directory Join Status net -d 5 -k ads testjoin


+--------------------------------------------------------------------------------+
+              Active Directory machine account status @1679655275               +
+--------------------------------------------------------------------------------+
[EFAULT] Failed to retrieve machine account status: Failed to set machine account: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 196, in call_method
    result = await self.middleware._call(message['method'], serviceobj, methodobj, params, app=self)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1346, in _call
    return await self.run_in_executor(prepared_call.executor, methodobj, *prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1249, in run_in_executor
    return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
  File "/usr/lib/python3.9/concurrent/futures/thread.py", line 52, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/activedirectory_/health.py", line 55, in machine_account_status
    raise CallError(
middlewared.service_exception.CallError: [EFAULT] Failed to retrieve machine account status: Failed to set machine account: NT_STATUS_CANT_ACCESS_DOMAIN_INFO

debug finished in 1 seconds for Active Directory machine account status


+--------------------------------------------------------------------------------+
+Active Directory lookup DC - midclt call activedirectory.lookup_dc | jq @1679655276 +
+--------------------------------------------------------------------------------+
{
  "Information for Domain Controller": "192.168.1.187",
  "Response Type": "LOGON_SAM_LOGON_RESPONSE_EX",
  "GUID": "5e90a0d6-012a-4eaa-89cb-71d515d4ee83",
  "Forest": "Aesir.com",
  "Domain": "Aesir.com",
  "Domain Controller": "BaldrDC02.Aesir.com",
  "Pre-Win2k Domain": "AESIR",
  "Pre-Win2k Hostname": "BALDRDC02",
  "Server Site Name": "Default-First-Site-Name",
  "Client Site Name": "Default-First-Site-Name",
  "NT Version": 5,
  "LMNT Token": 65535,
  "LM20 Token": 65535,
  "Flags": {
    "Is a PDC": false,
    "Is a GC of the forest": true,
    "Is an LDAP server": true,
    "Supports DS": true,
    "Is running a KDC": true,
    "Is running time services": true,
    "Is the closest DC": true,
    "Is writable": true,
    "Has a hardware clock": false,
    "Is a non-domain NC serviced by LDAP server": false,
    "Is NT6 DC that has some secrets": false,
    "Is NT6 DC that has all secrets": true,
    "Runs Active Directory Web Services": true,
    "Runs on Windows 2012 or later": true
  }
}
debug finished in 0 seconds for Active Directory lookup DC - midclt call activedirectory.lookup_dc | jq


+--------------------------------------------------------------------------------+
+                     Active Directory SPN list @1679655276                      +
+--------------------------------------------------------------------------------+
[ENOKEY] Kerberos ticket is required.
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 196, in call_method
    result = await self.middleware._call(message['method'], serviceobj, methodobj, params, app=self)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1335, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/activedirectory_/krb5.py", line 42, in get_spn_list
    await self.middleware.call("kerberos.check_ticket")
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1386, in call
    return await self._call(
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1335, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/kerberos.py", line 229, in check_ticket
    raise CallError("Kerberos ticket is required.", errno.ENOKEY)
middlewared.service_exception.CallError: [ENOKEY] Kerberos ticket is required.

debug finished in 0 seconds for Active Directory SPN list


+--------------------------------------------------------------------------------+
+                           idmap settings @1679655276                           +
+--------------------------------------------------------------------------------+
[
  {
    "id": 1,
    "name": "DS_TYPE_ACTIVEDIRECTORY",
    "dns_domain_name": null,
    "range_low": 100000001,
    "range_high": 200000000,
    "idmap_backend": "RID",
    "options": {},
    "certificate": null
  },
  {
    "id": 2,
    "name": "DS_TYPE_LDAP",
    "dns_domain_name": null,
    "range_low": 10000,
    "range_high": 90000000,
    "idmap_backend": "LDAP",
    "options": {
      "ldap_base_dn": "",
      "ldap_user_dn": "",
      "ldap_url": "",
      "ssl": "OFF"
    },
    "certificate": null
  },
  {
    "id": 5,
    "name": "DS_TYPE_DEFAULT_DOMAIN",
    "dns_domain_name": null,
    "range_low": 90000001,
    "range_high": 100000000,
    "idmap_backend": "TDB",
    "options": {},
    "certificate": null
  }
]
debug finished in 1 seconds for idmap settings


