metal_guitarist
Cadet
- Joined
- Dec 18, 2014
- Messages
- 3
Currently on 9.3, ZFS2 (4 disks), 4 CIFS shares. I had AD integration working fine up until Monday on 9.2 where for some reason it started refusing authentication to the shares, telling me my username/password was incorrect (it wasn't). Tried restarting the directory services and CIFS service and it didn't fix the issue, so I thought I'd take the opportunity to upgrade to 9.3 and see if that fixed my problem. Now I can't even get the directory service started. I enter my domain information, tick enable and hit save. I then get an error message saying "the service could not be restarted". It won't join the domain. I've reset the computer account in AD too.
Tried following steps here: https://forums.freenas.org/index.php?threads/upgrading-to-9-2-b2-breaks-ad.16897/[1] in John Hixson's post about halfway down the page to no avail, the service status for ix-kinit shows as "1" instead of "0" and that's just in the first section. Manually starting won't change it to 0.
My smb4.conf file shows domain logons = yes but server role = standalone rather than member server. Manually setting the file to member server and then running net ads join domain.com errors with "this operation is only allowed for the PDC of the domain". I only have 1 domain controller in my environment.
I can get a Kerberos ticket if I run "kinit" and it shows up under "klist".
Ping to winbind is successful.
"Wbinfo -u" only shows the root account
"wbinfo -t" could not check secret, NT_STATUS_NO_SUCH_DOMAIN (0xc00000df), WBC_ERR_AUTH_ERROR.
What have I missed here? I'm not a complete Linux/UNIX novice but hardly an expert. This was working fine before.
Edit - Bug #7257 raised
Tried following steps here: https://forums.freenas.org/index.php?threads/upgrading-to-9-2-b2-breaks-ad.16897/[1] in John Hixson's post about halfway down the page to no avail, the service status for ix-kinit shows as "1" instead of "0" and that's just in the first section. Manually starting won't change it to 0.
My smb4.conf file shows domain logons = yes but server role = standalone rather than member server. Manually setting the file to member server and then running net ads join domain.com errors with "this operation is only allowed for the PDC of the domain". I only have 1 domain controller in my environment.
I can get a Kerberos ticket if I run "kinit" and it shows up under "klist".
Ping to winbind is successful.
"Wbinfo -u" only shows the root account
"wbinfo -t" could not check secret, NT_STATUS_NO_SUCH_DOMAIN (0xc00000df), WBC_ERR_AUTH_ERROR.
What have I missed here? I'm not a complete Linux/UNIX novice but hardly an expert. This was working fine before.
Edit - Bug #7257 raised
Last edited:
