AD authentication problem after upgraded to 9.1.0

[evermick]

Hi there,

I have just done upgrade via GUI from 8.3 to 9.1.0

Right after upgrade, I notice that Active Directory "ON/OFF" button is gone under services tab in GUI menu.

I then further find out the Active Directory authentication is not working.

I tried to re-enter all info under Services -> Directory Services -> Active Directory. Right after I click "OK" button, a message on the very top of the GUI menu says "The service failed to restart".

kinit works fine and klist could show the ticket

when I try to net ads join -U admin(no matter with or without -S), it will straight output the following error message WITHOUT asking for password

Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.

net ads testjoin -U admin will ask for password, but then:

ads_connect: No logon servers
Join to domain is not valid: No logon servers
I have been search Google but still have no clues. And sorry, I am not very familiar with Linux...
I have attached debug log for Active Directory conf dump. Anyone can help please?

 

[Oleksii]

same issue with similar path - GUI upgrade 8.0.2 via 8.3 to 9.1 - AD no more
after startup winbind is not running
configuring AD doesn't help - "service could not be restarted"
in /usr/local/etc/smb.conf no traces of domain configuration as I would expect from my linux experience
any suggestions?

 

[dlavigne]

Just to be clear, is the AD service selected in Settings as described in http://doc.freenas.org/index.php/Directory_Services?

If so, please create a ticket at support.freenas.org which contains the above error messages.

 

[jorevf]

I have the same problem and have done some peeking around..
In 8.3.1 code AD_init() is found in rc.freenas but in 9.1.0 it's not found in any of the rc.freenas or rc.subr files..

Could 9.1.0 been compiled with some incomplete files?

Regards,
Freddie

Hi there,

I have just done upgrade via GUI from 8.3 to 9.1.0

Right after upgrade, I notice that Active Directory "ON/OFF" button is gone under services tab in GUI menu.

I then further find out the Active Directory authentication is not working.

I tried to re-enter all info under Services -> Directory Services -> Active Directory. Right after I click "OK" button, a message on the very top of the GUI menu says "The service failed to restart".

kinit works fine and klist could show the ticket

when I try to net ads join -U admin(no matter with or without -S), it will straight output the following error message WITHOUT asking for password

Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.

net ads testjoin -U admin will ask for password, but then:

ads_connect: No logon servers
Join to domain is not valid: No logon servers
I have been search Google but still have no clues. And sorry, I am not very familiar with Linux...
I have attached debug log for Active Directory conf dump. Anyone can help please?

 

[jhahn]

Hi,

there is a new option under: Setting=>General=>Directory Service
You must enable Active Directory, then you become Active Directory running.

Regards,
Johann

 

[jorevf]

This did work..
I did some additional peeking, and realized that it did not get correct information from system_settings while looking for what type of directory service that was active..
But had no time today to investigate it further!

Thx Johann!

Regards,
Freddie

Hi,

there is a new option under: Setting=>General=>Directory Service
You must enable Active Directory, then you become Active Directory running.

Regards,
Johann

 

[evermick]

Hi,

there is a new option under: Setting=>General=>Directory Service
You must enable Active Directory, then you become Active Directory running.

Regards,
Johann

Didn't release the new option. This works like a charm. Thanks!

 

[Daniel-san]

I'm have the same problem as described by OP.
did the GUI upgrade form 8.3.0 to 9.1 and my active directory no longer works - unable to rejoin to domain.

here's my shell log:

Aug 12 12:00:32 freenas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py stop cifs
Aug 12 12:00:33 freenas notifier: Stopping dbus.
Aug 12 12:00:33 freenas avahi-daemon[18513]: Disconnected from D-Bus, exiting.
Aug 12 12:00:33 freenas notifier: Waiting for PIDS: 18483.
Aug 12 12:00:33 freenas notifier: dbus not running? (check /var/run/dbus/dbus.pid).
Aug 12 12:00:33 freenas notifier: Starting dbus.
Aug 12 12:00:33 freenas notifier: Stopping avahi-daemon.
Aug 12 12:00:33 freenas notifier: Failed to kill daemon: No such file or directory
Aug 12 12:00:33 freenas notifier: Stopping avahi-daemon.
Aug 12 12:00:33 freenas notifier: Failed to kill daemon: No such file or directory
Aug 12 12:00:33 freenas notifier: Starting avahi-daemon.
Aug 12 12:00:33 freenas avahi-daemon[20116]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Aug 12 12:00:33 freenas notifier: winbindd not running? (check /var/run/samba/winbindd.pid).
Aug 12 12:00:33 freenas notifier: smbd not running? (check /var/run/samba/smbd.pid).
Aug 12 12:00:33 freenas notifier: nmbd not running? (check /var/run/samba/nmbd.pid).
Aug 12 12:00:34 freenas ActiveDirectory: /usr/sbin/service ix-kerberos quietstart
Aug 12 12:00:34 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/directoryservice/ActiveDirectory/config
Aug 12 12:00:34 freenas ActiveDirectory: generate_krb5_conf: krbhost=WINDOWS2012, kpwdhost=WINDOWS2012, domainname=goneau.ca
Aug 12 12:00:34 freenas ActiveDirectory: /usr/sbin/service ix-nsswitch quietstart
Aug 12 12:00:34 freenas ActiveDirectory: /usr/sbin/service ix-pam quietstart
Aug 12 12:00:34 freenas ActiveDirectory: /usr/sbin/service ix-kinit quietstart
Aug 12 12:00:34 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/directoryservice/ActiveDirectory/config
Aug 12 12:00:34 freenas ActiveDirectory: kerberos_start: kinit --password-file=/tmp/tmp.j1R3iJo6 svc-freenas@GONEAU.CA
Aug 12 12:00:34 freenas ActiveDirectory: kerberos_start: Failed
Aug 12 12:00:44 freenas ActiveDirectory: /usr/sbin/service ix-kinit status
Aug 12 12:00:44 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/directoryservice/ActiveDirectory/config
Aug 12 12:00:44 freenas ActiveDirectory: kerberos_status: klist -l | grep -q ^svc-freenas@GONEAU.CA
Aug 12 12:00:44 freenas ActiveDirectory: kerberos_status: Failed

 

[Daniel-san]

and to be clear - as a the last posts suggest: under system, settings general. my directory service is and always was "active directory"

 

[Chrisiesmit93]

I have exactly the same problem and errors as described here, my directory service is "Active Directory".

 

[Zero Negative]

Same problem here, I cannot even start the Directory Services. I have the console messages if necessary..

 

[Chrisiesmit93]

Maybe there is a solution:
http://support.freenas.org/ticket/2544

Will try it tomorrow!

 

[Daniel-san]

still experiencing the same issues. I have deleting config files via ftp on the freeness - no luck.
I did lots of poking around on my DC... fixed a lot of BPA errors I had.. getting different errors now.. but still no luck.

to be honest, my time was off from my FN and DC... but they're the same now, and both pointing to the same time source.

 

[JAVADawg]

I set up a FreeNas 9.1 from scratch and spent several days trying to get it to connect to my Windows 2003 AD. What finally worked is this:

• Under Global Configuration put my hostname as I defined it (mixed case) and fully qualified my domain name (e.g. b5domain.com)
• In Directory Service setup
  • domain name looks like above
  • net bios name is all caps (hostname of my FreeNas box)
  • workgroup name is all caps in the old style (e.g. B5DOMAIN)
  • Domain controller I put the IP of my DC
• In CIFS turned off "zeroconf share"

I went through dozens and dozens of permutations before the above worked for me.