I had previously joined a FreeNAS 9.2.1.8 box to a Windows 2008 R2 domain and everything was working fine. After experiencing the problems described below I tried upgrading to 9.2.1.9 and still had the same problem.
I had a UID/GID mapping issue which you can read more about here. The short version is that I needed to change some UID/GID values from within Active Directory and I had a hard time getting those changes to propagate to FreeNAS.
I tried rebuilding the LDAP/AD cache. I tried rebooting the FreeNAS server. I tried re-joining it to the same domain. I tried rebooting the domain controller. I tried repeating these steps a few times in different orders. Not only was I unable to get the changes to propagate to FreeNAS, but now I can't even see domain users and groups through the GUI at all.
Things don't seem to be working 100% correctly because certain wbinfo commands execute just fine (maybe those that rely on cache?) and other commands related to active directory do not. The code block below starts off looking fine and then near the end all the commands start to fail.
I've also attached output from freenas-debug -a
I had a UID/GID mapping issue which you can read more about here. The short version is that I needed to change some UID/GID values from within Active Directory and I had a hard time getting those changes to propagate to FreeNAS.
I tried rebuilding the LDAP/AD cache. I tried rebooting the FreeNAS server. I tried re-joining it to the same domain. I tried rebooting the domain controller. I tried repeating these steps a few times in different orders. Not only was I unable to get the changes to propagate to FreeNAS, but now I can't even see domain users and groups through the GUI at all.
Things don't seem to be working 100% correctly because certain wbinfo commands execute just fine (maybe those that rely on cache?) and other commands related to active directory do not. The code block below starts off looking fine and then near the end all the commands start to fail.
Code:
[root@freenas] ~# wbinfo -P checking the NETLOGON dc connection to "dc.hq.flavordynamics.com" succeeded [root@freenas] ~# wbinfo -p Ping to winbindd succeeded [root@freenas] ~# wbinfo -u FREENAS\root FLAVORDYNAMICS\administrator FLAVORDYNAMICS\guest FLAVORDYNAMICS\krbtgt FLAVORDYNAMICS\marybethc FLAVORDYNAMICS\helenm FLAVORDYNAMICS\kristyc FLAVORDYNAMICS\steves FLAVORDYNAMICS\testu FLAVORDYNAMICS\qbdataserviceuser23 FLAVORDYNAMICS\mard FLAVORDYNAMICS\dolfd FLAVORDYNAMICS\dj FLAVORDYNAMICS\lizziel FLAVORDYNAMICS\colleenr FLAVORDYNAMICS\matta [root@freenas] ~# wbinfo -g FLAVORDYNAMICS\domain computers FLAVORDYNAMICS\domain controllers FLAVORDYNAMICS\schema admins FLAVORDYNAMICS\enterprise admins FLAVORDYNAMICS\cert publishers FLAVORDYNAMICS\domain admins FLAVORDYNAMICS\domain users FLAVORDYNAMICS\domain guests FLAVORDYNAMICS\group policy creator owners FLAVORDYNAMICS\ras and ias servers FLAVORDYNAMICS\allowed rodc password replication group FLAVORDYNAMICS\denied rodc password replication group FLAVORDYNAMICS\read-only domain controllers FLAVORDYNAMICS\enterprise read-only domain controllers FLAVORDYNAMICS\dnsadmins FLAVORDYNAMICS\dnsupdateproxy FLAVORDYNAMICS\customerservice FLAVORDYNAMICS\lab FLAVORDYNAMICS\it FLAVORDYNAMICS\executive FLAVORDYNAMICS\linuxworkstations FLAVORDYNAMICS\windowsworkstations [root@freenas] ~# wbinfo -t checking the trust secret for domain FLAVORDYNAMICS via RPC calls succeeded [root@freenas] ~# net ads join -S flavordynamics -U steves Enter steves's password: Failed to join domain: failed to lookup DC info for domain 'HQ.FLAVORDYNAMICS.COM' over rpc: Undetermined error [root@freenas] ~# wbinfo -r "FLAVORDYNAMICS\\steves" failed to call wbcGetGroups: WBC_ERR_DOMAIN_NOT_FOUND Could not get groups for user FLAVORDYNAMICS\\steves [root@freenas] ~# wbinfo --user-groups="FLAVORDYNAMICS\\steves" failed to call wbcGetGroups: WBC_ERR_DOMAIN_NOT_FOUND Could not get groups for user FLAVORDYNAMICS\\steves ###################################################### [root@freenas] ~# /usr/local/www/freenasUI/tools/cachetool.py keys w: FLAVORDYNAMICS du key: CN=Colleen Roberts,OU=Sales,OU=Departments,DC=hq,DC=flavordynamics,DC=com du key: CN=Dolf DeRovira Jr,OU=Executive,OU=Departments,DC=hq,DC=flavordynamics,DC=com du key: CN=Dolf DeRovira,OU=Executive,OU=Departments,DC=hq,DC=flavordynamics,DC=com du key: CN=Guest,CN=Users,DC=hq,DC=flavordynamics,DC=com du key: CN=Lizzie Li,OU=Lab,OU=Departments,DC=hq,DC=flavordynamics,DC=com du key: CN=Marybeth Curtis,OU=CustomerService,OU=Departments,DC=hq,DC=flavordynamics,DC=com du key: CN=Matt Araneta,OU=IT,OU=Departments,DC=hq,DC=flavordynamics,DC=com du key: CN=QBDataServiceUser23,CN=Users,DC=hq,DC=flavordynamics,DC=com du key: CN=Steve Stachurski,OU=IT,OU=Departments,DC=hq,DC=flavordynamics,DC=com du key: CN=krbtgt,CN=Users,DC=hq,DC=flavordynamics,DC=com du key: CN=Administrator,CN=Users,DC=hq,DC=flavordynamics,DC=com du key: CN=Helen Mossa,OU=CustomerService,OU=Departments,DC=hq,DC=flavordynamics,DC=com du key: CN=Kristy Callari,OU=Executive,OU=Departments,DC=hq,DC=flavordynamics,DC=com du key: CN=Marilyn DeRovira,OU=Executive,OU=Departments,DC=hq,DC=flavordynamics,DC=com du key: CN=Test User,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=Allowed RODC Password Replication Group,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=DnsUpdateProxy,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=Domain Admins,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=Domain Computers,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=Domain Users,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=RAS and IAS Servers,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=Read-only Domain Controllers,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=WindowsWorkstations,OU=FDComputers,DC=hq,DC=flavordynamics,DC=com dg key: CN=Cert Publishers,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=CustomerService,OU=CustomerService,OU=Departments,DC=hq,DC=flavordynamics,DC=com dg key: CN=Denied RODC Password Replication Group,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=DnsAdmins,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=Domain Controllers,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=Domain Guests,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=Enterprise Admins,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=Enterprise Read-only Domain Controllers,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=Executive,OU=Executive,OU=Departments,DC=hq,DC=flavordynamics,DC=com dg key: CN=Group Policy Creator Owners,CN=Users,DC=hq,DC=flavordynamics,DC=com dg key: CN=IT,OU=IT,OU=Departments,DC=hq,DC=flavordynamics,DC=com dg key: CN=Lab,OU=Lab,OU=Departments,DC=hq,DC=flavordynamics,DC=com dg key: CN=LinuxWorkstations,OU=FDComputers,DC=hq,DC=flavordynamics,DC=com dg key: CN=Schema Admins,CN=Users,DC=hq,DC=flavordynamics,DC=com
I've also attached output from freenas-debug -a
Last edited:
