Active Directory AD [EINVAL] Error Message

PointyBits

Cadet
Joined
Sep 29, 2021
Messages
3
Hello TrueNAS community!

I was working on setting up TrueNAS within a VirtualBox VM, and along the way it became necessary to try connecting it to an existing AD. After making sure the VM was registered on the network and able to ping the outside world, I went ahead and put in AD credentials (domain, etc.) and got the following error...
MicrosoftTeams-image.png


I'm not quite sure how to proceed since I followed some diagnostic suggestions as outlined in another post (Active Directory State Faulted! link), and was able to get...
MicrosoftTeams-image (1).png

Clearly it's not establishing a connection to the AD, I would just like to know how to read the error and figure out where the problem is.

The full error message traceback is
Code:
Error: Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/middlewared/job.py", line 382, in run
    await self.future
  File "/usr/lib/python3/dist-packages/middlewared/job.py", line 418, in __run_body
    rv = await self.method(*([self] + args))
  File "/usr/lib/python3/dist-packages/middlewared/plugins/activedirectory.py", line 696, in start
    await self.middleware.call('activedirectory.set_kerberos_servers', ad)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1305, in call
    return await self._call(
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1273, in _call
    return await self.run_in_executor(prepared_call.executor, methodobj, *prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1177, in run_in_executor
    return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
  File "/usr/lib/python3.9/concurrent/futures/thread.py", line 52, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/activedirectory.py", line 1247, in set_kerberos_servers
    self.middleware.call_sync(
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1321, in call_sync
    return self.run_coroutine(methodobj(*prepared_call.args))
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1361, in run_coroutine
    return fut.result()
  File "/usr/lib/python3.9/concurrent/futures/_base.py", line 433, in result
    return self.__get_result()
  File "/usr/lib/python3.9/concurrent/futures/_base.py", line 389, in __get_result
    raise self._exception
  File "/usr/lib/python3/dist-packages/middlewared/service.py", line 838, in update
    rv = await self.middleware._call(
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1262, in _call
    return await methodobj(*prepared_call.args)
  File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1092, in nf
    res = await f(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1181, in nf
    args, kwargs = clean_and_validate_args(args, kwargs)
  File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1175, in clean_and_validate_args
    raise verrors
middlewared.service_exception.ValidationErrors: [EINVAL] kerberos_realm_update.kdc: Not a list
[EINVAL] kerberos_realm_update.admin_server: Not a list
[EINVAL] kerberos_realm_update.kpasswd_server: Not a list
 
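On reading a traceback like the one in the post above: the following is an added example, not part of the original thread and not TrueNAS code. It pulls out the deepest `middlewared/plugins/` frame (the middleware code that made the failing call) and the `[ERRNO] schema.field: message` entries, which here shows the rejected values were ones `set_kerberos_servers` passed to the Kerberos realm update rather than anything typed into the form. The function name and regexes are illustrative, and the sample is a shortened copy of the posted traceback.

```python
import re

# Constructed sample: shortened copy of the traceback posted in this thread.
SAMPLE = '''Error: Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/middlewared/plugins/activedirectory.py", line 696, in start
await self.middleware.call('activedirectory.set_kerberos_servers', ad)
File "/usr/lib/python3/dist-packages/middlewared/plugins/activedirectory.py", line 1247, in set_kerberos_servers
self.middleware.call_sync(
File "/usr/lib/python3/dist-packages/middlewared/schema.py", line 1175, in clean_and_validate_args
raise verrors
middlewared.service_exception.ValidationErrors: [EINVAL] kerberos_realm_update.kdc: Not a list
[EINVAL] kerberos_realm_update.admin_server: Not a list
[EINVAL] kerberos_realm_update.kpasswd_server: Not a list
'''

# 'File "<path>", line <n>, in <function>' with or without leading indentation
FRAME = re.compile(r'^\s*File "(?P<path>[^"]+)", line (?P<line>\d+), in (?P<func>\S+)')
# '[EINVAL] <schema>.<field>: <message>', possibly after the exception class name
VERR = re.compile(r'\[(?P<errno>E[A-Z]+)\] (?P<schema>[\w-]+)\.(?P<field>[\w.-]+): (?P<msg>.+)$')


def read_traceback(text):
    """Return the calling plugin frame, the raising frame and the validation errors."""
    frames, errors = [], []
    for raw in text.splitlines():
        m = FRAME.match(raw)
        if m:
            frames.append((m['path'], int(m['line']), m['func']))
            continue
        m = VERR.search(raw)
        if m:
            errors.append(m.groupdict())
    # The last frame under middlewared/plugins/ is the feature code that
    # issued the call; later frames are generic dispatch and schema checks.
    plugin = [f for f in frames if '/middlewared/plugins/' in f[0]]
    return {
        'caller': plugin[-1] if plugin else None,
        'raised_in': frames[-1] if frames else None,
        'errors': errors,
    }


if __name__ == '__main__':
    result = read_traceback(SAMPLE)
    print('failing call made by:', result['caller'])
    for e in result['errors']:
        print(f"{e['errno']} {e['schema']} field {e['field']!r}: {e['msg']}")
```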

PointyBits

Cadet
Joined
Sep 29, 2021
Messages
3
Apologies for not clarifying in the original post, TrueNAS-SCALE-21.08-BETA.1
The flow after putting together the VM and first Zpool was...
Credentials > Directory Services > Configure Active Directory > entered in values (not pictured is the "Enable (requires password) tick" which was ticked)
Screenshot_20210930_141129.png


after which the message from the first post was thrown. I'm trying to understand the messages about Kerberos given that the Domain Account Name + Pass, because some sort of validation seems to be occurring (when I use the wrong password, I get the correct error rejecting the attempt).
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,546
Yeah, it's a bug. That particular code path didn't get followed in automated testing (basically, in cases where our AD site has many DCs, we populate the kerberos config with site-specific ones rather than entirely relying on DNS to find them).
 

PointyBits

Cadet
Joined
Sep 29, 2021
Messages
3
Update: Thank you very much, it seems to be fixed and running smoothly on my SCALE installation! However I'm experiencing the same issue on my CORE installation (tried 12.1 nightly after failing on 12.0 with similar issues to the ones documented above). Was this issue fixed in both distributions of TrueNAS or only SCALE?
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,546
> Update: Thank you very much, it seems to be fixed and running smoothly on my SCALE installation! However I'm experiencing the same issue on my CORE installation (tried 12.1 nightly after failing on 12.0 with similar issues to the ones documented above). Was this issue fixed in both distributions of TrueNAS or only SCALE?

12.1 hasn't been updated for a long time, will have 13 release soon.
 

Helediron

Cadet
Joined
Aug 13, 2021
Messages
2
> Okay. Merged fix into master. Should be in tomorrow's nightly build.

Hi, I got same error in Scale 21.08 beta2 on fresh test server. Did the fix miss beta2? I tried to update to nightly but got upload error 0 from manual update.
Is there a workaround? I have three DCs on same (single) site.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,546
> Hi, I got same error in Scale 21.08 beta2 on fresh test server. Did the fix miss beta2? I tried to update to nightly but got upload error 0 from manual update.
> Is there a workaround? I have three DCs on same (single) site.

21.08 BETA2 was limited in scope to just two or three bugfixes. The AD fix for this edge case will be in RC1 (and should currently be in master).
 

Helediron

Cadet
Joined
Aug 13, 2021
Messages
2
Thank you. I installed last night's build TrueNAS-SCALE-22.02-MASTER-20211017-015837, and indeed it was fixed there. Now the server is a happy member of my domain, and I have been able to copy data both ways.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,546
> Thank you. I installed last night's build TrueNAS-SCALE-22.02-MASTER-20211017-015837, and indeed it was fixed there. Now the server is a happy member of my domain, and I have been able to copy data both ways.

Great. Glad to hear it. There are unfortunately some edge-case gaps in our automated regression testing. AD environments with sites defined and significant numbers of DCs are currently an area of possible regression that we need to close up.
 