I have a FreeNAS setup that works in every way needed, but was bound to Active Directory using a personal account of a domain admin rather than its own.
I have created a new user under the domain "FreeNAS LDAP" (or DOMAIN\freenas) with the basic permissions required. However, trying to change the domain account name and password (under Directory Service -> Active Directory) fails with:
{'desc': 'Invalid credentials', 'info': '80090308: LdapErr: DSID-0C0903CF, comment: AcceptSecurityContext error, data 52e, v2580'}
Upon further investigation including using my own AD credentials, I found that this error pops up no matter what credentials are used, except for the credentials already in there. Which is to say this domain admin, and only this specific domain admin's credentials can be used now.
I'm not completely certain if this is a bug or something that was set up wrong along the way, but would appreciate if anyone had an idea of what to do. I had considered purging the settings for AD, but I don't know how and am a bit nervous about doing so as it might also reset all the nice permissions on all the shares if I do.
By god I'm almost willing to, though.
I have created a new user under the domain "FreeNAS LDAP" (or DOMAIN\freenas) with the basic permissions required. However, trying to change the domain account name and password (under Directory Service -> Active Directory) fails with:
{'desc': 'Invalid credentials', 'info': '80090308: LdapErr: DSID-0C0903CF, comment: AcceptSecurityContext error, data 52e, v2580'}
Upon further investigation including using my own AD credentials, I found that this error pops up no matter what credentials are used, except for the credentials already in there. Which is to say this domain admin, and only this specific domain admin's credentials can be used now.
I'm not completely certain if this is a bug or something that was set up wrong along the way, but would appreciate if anyone had an idea of what to do. I had considered purging the settings for AD, but I don't know how and am a bit nervous about doing so as it might also reset all the nice permissions on all the shares if I do.
By god I'm almost willing to, though.