AD Auth fix not persisting

Status
Not open for further replies.

AgentZero

For the longest time I didn't upgrade to 9.3 because of an issue getting AD integrated auth working - it was basically bug #7034. I have since gotten things working just fine, but have a stupid question about the fix.

The fix (as mentioned somewhere in the bug report) is to modify /etc/directoryservice/rc.ActiveDirectory as follows:

If I change the line in AD_join_domain():
_AD_tc "$(AD_get ad_timeout)" /usr/local/bin/net -k ads join "${domainname}"
#_AD_tc "$(AD_get ad_timeout)" /usr/local/bin/net -k ads join "${domainname} -S ${dchost} -p ${dcport}"
# (in the commented-out original, -S and -p sit inside the double quotes, so net receives them as part of a single domain-name argument)

Everything works beautifully after this simple change - only problem is it doesn't persist across a reboot. So my two questions are:
1. Has anyone else seen this? I don't think it was the root cause of the 7034 bug, but it was for me, and I was hoping that after a recent update or two this would come down in the build train.
2. How can I get this to persist? The old 'mount -uw' is a no-go - is it really as simple as modifying the rc.ActiveDirectory in /conf/base/etc/directoryservice?

Thanks
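Added example, not from the thread or from the FreeNAS rc script: it shows what the quoting in the commented-out original line does to the arguments `net` receives. A stand-in function replaces /usr/local/bin/net and just counts its arguments; the domain, DC host and port values are constructed.

```shell
#!/bin/sh
# Stand-in for /usr/local/bin/net (constructed): print how many
# arguments the command actually received.
count_args() { printf '%s\n' "$#"; }

# Constructed sample values for the variables used in rc.ActiveDirectory
domainname="home.lab"
dchost="dc01.home.lab"
dcport="389"

# Quoting as in the commented-out original line: -S/-p are inside the
# double quotes, so "net" gets them as part of one domain-name argument.
join_args_broken() {
    count_args -k ads join "${domainname} -S ${dchost} -p ${dcport}"
}

# Each option and its value quoted separately: "net" sees -S and -p as
# options, with the domain name as its own argument.
join_args_fixed() {
    count_args -k ads join "${domainname}" -S "${dchost}" -p "${dcport}"
}

join_args_broken   # prints 4
join_args_fixed    # prints 8
```

The same check can be run against the real script by temporarily pointing the command at `count_args` instead of `net`, which shows the argument split without attempting a join.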
 

dlavigne

Guest
Just to confirm, setting the desired "AD timeout" in Directory Service -> Active Directory doesn't persist? Or do you need to specify an alternate port? Does including the port after a colon in the "Domain Name" persist the required port?
 

AgentZero

> Just to confirm, setting the desired "AD timeout" in Directory Service -> Active Directory doesn't persist? Or do you need to specify an alternate port? Does including the port after a colon in the "Domain Name" persist the required port?

The change to the AD_join_domain() function in /etc/directoryservices/rc.ActiveDirectory does not persist. Both the timeout and port in the GUI persist across a reboot - but they did not allow the system to successfully join the domain. As soon as I drop the "-S ${dchost} -p ${dcport}" from the function, domain services start immediately.
 

anodos

iXsystems
Modifying /etc/directoryservices/rc.ActiveDirectory should not be needed in order to join a domain. Post your smb4.conf file or debug file.
 

AgentZero

smb4.conf:

server max protocol = SMB2
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 2357552
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = nobody
map to guest = Bad User
obey pam restrictions = yes
directory name cache size = 0
kernel change notify = no
dfree command = /usr/local/libexec/samba/dfree
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
hostname lookups = yes
acl allow execute always = true
acl check permissions = true
dos filemode = yes
multicast dns register = yes
domain logons = no
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = member server
netbios name = STORAGE01
workgroup = LAB
realm = HOME.LAB
security = ADS
client use spnego = yes
cache directory = /var/tmp/.cache/.samba
local master = no
domain master = no
preferred master = no
winbind cache time = 7200
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = no
winbind refresh tickets = yes
idmap config HOME: backend = rid
idmap config HOME: range = 20000-90000000
allow trusted domains = no
client ldap sasl wrapping = seal
template shell = /bin/sh
template homedir = /home/%D/%U
pid directory = /var/run/samba
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 1
 