Hi all:
We had some issues with our Active Directory servers overnight. They're all back up and healthy, and user authentication on workstations is working just fine.
On our ~50 computer network, we have about 4 workstations that are having trouble accessing our freenas system, which is joined as a member of the domain. All domain controllers are Windows 2016 servers.
On most computers, I can log in with my domain account, and transparently access the NAS. It "just works" like its supposed to.
On the computers that are having problems, when I log in to them, then try and access the NAS, I'm prompted for credentials. it doesn't matter what credentials I provide, permission is denied. I've tried my account (member of every admin group there is..), regular users, and even the domain admin account. They all come up as incorrect user/pass. But the bigger issue is that its asking at all....
Not really sure where to go with troubleshooting this. Its definitely talking to the server, so its not a DNS/IP/Firewall issue. klist on a non-working system shows tickets for the AD, but NOT for the NAS while working ones do show a ticket for the NAS. klist on the NAS shows a single ticket-granting ticket, still current, and attempts to renew it are successful (issued time is current; expire time remains the same, though). Oh, and I have removed and re-added one of the problem machines, with no change (of course deleting the computer account out of the AD while it was unjoined before rejoining).
I've also tried accessing it from a non-domain linux system with smbclient. Specifying domain credentials (in the form of domain.com/user) generates incorrect user/password errors.
Suggestions?
We had some issues with our Active Directory servers overnight. They're all back up and healthy, and user authentication on workstations is working just fine.
On our ~50 computer network, we have about 4 workstations that are having trouble accessing our freenas system, which is joined as a member of the domain. All domain controllers are Windows 2016 servers.
On most computers, I can log in with my domain account, and transparently access the NAS. It "just works" like its supposed to.
On the computers that are having problems, when I log in to them, then try and access the NAS, I'm prompted for credentials. it doesn't matter what credentials I provide, permission is denied. I've tried my account (member of every admin group there is..), regular users, and even the domain admin account. They all come up as incorrect user/pass. But the bigger issue is that its asking at all....
Not really sure where to go with troubleshooting this. Its definitely talking to the server, so its not a DNS/IP/Firewall issue. klist on a non-working system shows tickets for the AD, but NOT for the NAS while working ones do show a ticket for the NAS. klist on the NAS shows a single ticket-granting ticket, still current, and attempts to renew it are successful (issued time is current; expire time remains the same, though). Oh, and I have removed and re-added one of the problem machines, with no change (of course deleting the computer account out of the AD while it was unjoined before rejoining).
I've also tried accessing it from a non-domain linux system with smbclient. Specifying domain credentials (in the form of domain.com/user) generates incorrect user/password errors.
Suggestions?