AD Service won't start

Status
Not open for further replies.

TJ Wenger

Cadet
Joined
Aug 28, 2012
Messages
3
Hello,

I'm having difficulty and I've perused the forums to no avail. I'm sure this is a simple problem.

My AD service refuses to start. All my settings are correct, and verified. The user is a specific user (Domain Admin) created for my FreeNAS box. I can also verify the user is authenticating on the PDC. So I'm pretty stumped as to why the service won't start :( I can ping the PDC, which is also my NTP server, and the PDC can ping the FreeNAS box. Any tips, tricks or advice? I've been looking for a diagnostic command to give some output for you guys, but I've always been a Windows (sorry) guy, so if there is a command I can issue in the shell to give you a decent output of what's going on, I will gladly do so.

Edit: More to add

I found a log; it looks like Winbind isn't started and needs to be enabled? How would I go about this? (Here is the log)

Aug 29 12:02:28 freenas notifier: ldap_bind: Invalid credentials (49)
Aug 29 12:02:28 freenas notifier: additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
Aug 29 12:02:28 freenas notifier: ldap_bind: Invalid credentials (49)
Aug 29 12:02:28 freenas notifier: additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
Aug 29 12:02:28 freenas notifier: ldap_bind: Invalid credentials (49)
Aug 29 12:02:28 freenas notifier: additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
Aug 29 12:02:28 freenas notifier: kinit: krb5_get_init_creds: Wrong realm
Aug 29 12:02:39 freenas notifier: ldap_bind: Invalid credentials (49)
Aug 29 12:02:39 freenas notifier: additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
Aug 29 12:02:39 freenas notifier: No realm set, are we joined ?
Aug 29 12:02:40 freenas notifier: winbindd not running? (check /var/run/samba/winbindd.pid).

The LDAP Credentials confuse me, as I can see the user authenticating on the Domain Controller.

Thank you,

TJ
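
An added example, not part of the original post or of FreeNAS itself: a short Python triage script for a notifier log like the one above. It decodes the `data NNN` sub-code that Active Directory appends to LDAP error 49 and tallies the Kerberos and winbind messages. The function and table names are hypothetical, and the table holds the commonly documented sub-codes.

```python
import re
from collections import Counter

# Commonly documented sub-codes AD returns in the "data NNN" field of an
# LDAP error 49 (values are hexadecimal Win32 error codes).
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must reset password",
    "775": "account locked out",
}
DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")
KINIT_RE = re.compile(r"kinit: (\w+): (.+)$")

# Lines copied from the log in the post above (repeats trimmed).
SAMPLE_LOG = """\
Aug 29 12:02:28 freenas notifier: ldap_bind: Invalid credentials (49)
Aug 29 12:02:28 freenas notifier: additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
Aug 29 12:02:28 freenas notifier: kinit: krb5_get_init_creds: Wrong realm
Aug 29 12:02:39 freenas notifier: ldap_bind: Invalid credentials (49)
Aug 29 12:02:39 freenas notifier: additional info: 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 525, vece
Aug 29 12:02:39 freenas notifier: No realm set, are we joined ?
Aug 29 12:02:40 freenas notifier: winbindd not running? (check /var/run/samba/winbindd.pid).
"""

def triage(log_text):
    """Return a Counter of distinct findings in a FreeNAS notifier log."""
    findings = Counter()
    for line in log_text.splitlines():
        if m := DATA_RE.search(line):
            code = m.group(1).lower()
            meaning = AD_BIND_SUBCODES.get(code, "unknown sub-code")
            findings[f"ldap bind data {code}: {meaning}"] += 1
        elif m := KINIT_RE.search(line):
            findings[f"kerberos {m.group(1)}: {m.group(2).strip()}"] += 1
        elif "No realm set" in line:
            findings["no realm set"] += 1
        elif "winbindd not running" in line:
            findings["winbindd not running"] += 1
    return findings

if __name__ == "__main__":
    for finding, count in triage(SAMPLE_LOG).items():
        print(f"{count}x {finding}")
```

Sub-code 525 concerns the bind account name rather than the password, so the account name or DN entered in the AD settings is the first thing to compare against the directory.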
 

praecorloth

Contributor
Joined
Jun 2, 2011
Messages
159
Heeey a fellow Minnesotan! Hiya!

Alright, for diagnostics, there's an option in Settings, and then Advanced: Show console messages in the footer. That will give you error messages as they appear.

Just to double check one of the common pitfalls, did you remember to set your PDC as Nameserver 1 in the Network Settings?
 

TJ Wenger

Cadet
Joined
Aug 28, 2012
Messages
3
praecorloth said:
> Heeey a fellow Minnesotan! Hiya!
>
> Alright, for diagnostics, there's an option in Settings, and then Advanced: Show console messages in the footer. That will give you error messages as they appear.
>
> Just to double check one of the common pitfalls, did you remember to set your PDC as Nameserver 1 in the Network Settings?

Thanks for the reply. Always nice to see another Minnesotan somewhere on here!

Yes, Nameserver 1 = PDC.

Verified all Global settings match what are entered into the AD settings. Have stopped, force synced, and restarted the NTP service.

In going through the command line, I've discovered that in some config file, somewhere (again, new to Linux), "samba_enable = No" and "winBind_enable = No". I get that when I try to start the services manually. Does anybody know where these config files are?

Also, I looked at the samba.conf file, and the global settings seem off to me (it just doesn't look right from everything else BSD related). But I could be way off base here as well.

Any suggestions? I'm open to try anything.
 

William Grzybowski

Wizard
iXsystems
Joined
May 27, 2011
Messages
1,754
Give it a try in the latest nightly image.
There have been several changes to AD integration, including verbose logging.
 