Cannot join FreeNAS to Server 2012 R2 AD

Chris Dill

Contributor
Joined
Jan 1, 2014
Messages
116
I have been running this FreeNAS box for almost a year with zero issues. A month ago, I migrated my domain to a new server, a Dell PowerEdge. I put Server 2012 R2 on it.

I started to experience problems keeping CIFS started, and activating AD service. There was a trick I read where I had to change it from AD to Domain Controller and back again. This past week, I lost connection to my ADS when I implemented IPv6. I did IPv6 to utilize DirectAccess through my Windows domain. I attempted to configure dual stack on FreeNAS, finally finding out you can't do it. After this, I could not connect to AD at all.

Since then, I have factory reset, downgraded, upgraded, and tried the beta. I am getting the same errors across all versions, so I do not think it is a bug, but perhaps just a nasty setting.

This past time, I factory reset it, set up basic networking, and tried to join AD- no plugins or anything special. These are the log messages when I try to start AD service:

Code:
Jun 18 21:31:51 freenas ActiveDirectory: /usr/sbin/service ix-samba start
Jun 18 21:31:52 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc'
Jun 18 21:31:52 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmpO_7boy -s /usr/local/etc/smb4.conf -e tdbsam:/var/etc/private/passdb.tdb
Jun 18 21:31:52 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/net groupmap add unixgroup='chrisftp' ntgroup='chrisftp'
Jun 18 21:31:52 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/net groupmap add unixgroup='backupftp' ntgroup='backupftp'
Jun 18 21:31:52 freenas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
Jun 18 21:31:54 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc'
Jun 18 21:31:54 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmpLm45w3 -s /usr/local/etc/smb4.conf -e tdbsam:/var/etc/private/passdb.tdb
Jun 18 21:31:54 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/net groupmap add unixgroup='chrisftp' ntgroup='chrisftp'
Jun 18 21:31:54 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/net groupmap add unixgroup='backupftp' ntgroup='backupftp'
Jun 18 21:31:54 freenas notifier: Performing sanity check on Samba configuration: OK
Jun 18 21:31:54 freenas notifier: Starting nmbd.
Jun 18 21:31:54 freenas notifier: Starting smbd.
Jun 18 21:31:54 freenas nmbd[33981]: [2014/06/18 21:31:54.575548,  0] ../lib/util/become_daemon.c:136(daemon_ready)
Jun 18 21:31:54 freenas notifier: Starting winbindd.
Jun 18 21:31:54 freenas smbd[33985]: [2014/06/18 21:31:54.648186,  0] ../lib/util/become_daemon.c:136(daemon_ready)
Jun 18 21:31:54 freenas winbindd[33991]: [2014/06/18 21:31:54.693355,  0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
Jun 18 21:31:54 freenas winbindd[33991]:  initialize_winbindd_cache: clearing cache and re-creating with version number 2
Jun 18 21:31:54 freenas winbindd[33991]: [2014/06/18 21:31:54.696307,  0] ../source3/winbindd/winbindd_util.c:634(init_domain_list)
Jun 18 21:31:54 freenas winbindd[33991]:  Could not fetch our SID - did we join?
Jun 18 21:31:54 freenas winbindd[33991]: [2014/06/18 21:31:54.696400,  0] ../source3/winbindd/winbindd.c:1204(winbindd_register_handlers)
Jun 18 21:31:54 freenas winbindd[33991]:  unable to initialize domain list


Those lines at the end are what I have been seeing across versions. I can see the domain:

Code:
[root@freenas ~]# net ads info -U Administrator                               
Enter Administrator's password:                                               
LDAP server: 192.168.2.254                                                     
LDAP server name: DELL.DILLDESIGN.local                                       
Realm: DILLDESIGN.LOCAL                                                       
Bind Path: dc=DILLDESIGN,dc=LOCAL                                             
LDAP port: 389                                                                 
Server time: Wed, 18 Jun 2014 21:44:45 PDT                                     
KDC server: 192.168.2.254                                                     
Server time offset: -8


But I cannot join it:

Code:
[root@freenas ~]# net ads join -U Administrator                               
Enter Administrator's password:                                               
Failed to join domain: failed to lookup DC info for domain 'DILLDESIGN.LOCAL' over rpc: NT_STATUS_CONNECTION_RESET


I can ping both ways, I can ping the gateways, resolve DNS names. If I turn on NFS and share I can access my data. I just cannot join AD. This is giving me other issues, as all of my shares are done over CIFS with windows permissions for various reasons.

As of right now I am on FreeNAS-9.2.1.6-BETA-5c259f3-x64
AMD A4-4000 APU with Radeon(tm) HD Graphics
16 GB of RAM
My load average is LOW.

I have tried to create the AD object manually, I have changed around permissions etc. I have changed around domain GPO to allow communication based on some random post I found about Server 2012 R2. I have tried various Aux Params including:

preferred master = no
domain master = no
realm = DILLDESIGN.LOCAL

security = ads

Any help would be GREAT, I am at my wits end. I would say that I would kill all my jails and start from scratch... except that I have already done this.
 

Chris Dill

Contributor
Joined
Jan 1, 2014
Messages
116
I am also open to alternative solutions than joining AD. The reason I join AD is because I share out 6 different datasets in different ways. Some NFS for my XBMC/Pi, and some CIFS for my network users. Drives are mapped via Group Policy and are permissions based- this way members of "Domain Admins" get access to my accounting share, and so forth.

Is there a way to secure this mess without using AD integration?

Anyone have a line of troubleshooting I can follow to narrow this down? Like check A, B, and C and look for error messages 1, 2, or 3?

Thanks
 

Chris Dill

Contributor
Joined
Jan 1, 2014
Messages
116
I tried installing version 9.1.3 on a different USB and it had the same problem. I removed all extra devices including the extra NIC and still no change. I checked BIOS and disabled anything extra from the motherboard. Also enabled BIOS power management and then left powerd off on FreeNAS. As of right now, I have stable operation with Directory Service set to -------- in FreeNAS > Settings. CIFS is on and enabled, and CIFS shares are being published and browsable. While in this mode, net join ADS obviously results in an error:
Code:
[root@freenas] ~# net ads join -U Administrator
Host is not configured as a member server.
Invalid configuration.  Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.


If I switch Directory Service to Active Directory, and immediately try to join ads, I get the same message. If I go to FreeNAS > Services and edit the settings for Directory Services, this is what they are: http://cl.ly/image/301A2f471m1t

If I try to start the service, it tries for about a minute and fails. When I check /var/log/message, here is the last page of errors, which have been the same across all of my attempts and versions:

Code:
Jun 24 12:21:56 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Jun 24 12:21:56 freenas last message repeated 5 times
Jun 24 12:21:56 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmpsPq5MZ -e tdbsam:/var/etc/private/passdb.tdb -s /usr/local/etc/smb4.conf
Jun 24 12:21:57 freenas notifier: Performing sanity check on Samba configuration: OK
Jun 24 12:21:57 freenas notifier: Starting nmbd.
Jun 24 12:21:57 freenas notifier: Starting smbd.
Jun 24 12:21:57 freenas notifier: Starting winbindd.
Jun 24 12:21:57 freenas winbindd[84952]: [2014/06/24 12:21:57.175446,  0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
Jun 24 12:21:57 freenas winbindd[84952]:  initialize_winbindd_cache: clearing cache and re-creating with version number 2
Jun 24 12:22:00 freenas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py stop cifs
Jun 24 12:22:01 freenas notifier: Stopping winbindd.
Jun 24 12:22:01 freenas winbindd[84952]: [2014/06/24 12:22:01.766316,  0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
Jun 24 12:22:01 freenas winbindd[84952]:  Got sig[15] terminate (is_parent=1)
Jun 24 12:22:01 freenas winbindd[84953]: [2014/06/24 12:22:01.769553,  0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
Jun 24 12:22:01 freenas winbindd[84953]:  Got sig[15] terminate (is_parent=0)
Jun 24 12:22:01 freenas notifier: Waiting for PIDS: 84952.
Jun 24 12:22:01 freenas notifier: Stopping smbd.
Jun 24 12:22:02 freenas notifier: Waiting for PIDS: 84946, 84946.
Jun 24 12:22:02 freenas notifier: Stopping nmbd.
Jun 24 12:22:02 freenas notifier: Waiting for PIDS: 84942.
Jun 24 12:22:02 freenas ActiveDirectory: /usr/sbin/service ix-kerberos quietstop
Jun 24 12:22:02 freenas ActiveDirectory: /usr/sbin/service ix-nsswitch quietstop
Jun 24 12:22:02 freenas ActiveDirectory: /usr/sbin/service ix-pam quietstop
Jun 24 12:22:03 freenas ActiveDirectory: /usr/sbin/service ix-kinit forcestop
Jun 24 12:22:03 freenas ActiveDirectory: /usr/sbin/service ix-activedirectory forcestop
Jun 24 12:22:04 freenas ActiveDirectory: /usr/sbin/service ix-cache quietstop &
Jun 24 12:22:05 freenas ActiveDirectory: /usr/sbin/service samba_server forcestop
Jun 24 12:22:05 freenas ActiveDirectory: /usr/sbin/service ix-samba start
Jun 24 12:22:06 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Jun 24 12:22:06 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Jun 24 12:22:06 freenas last message repeated 5 times
Jun 24 12:22:06 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmpIhpAa5 -e tdbsam:/var/etc/private/passdb.tdb -s /usr/local/etc/smb4.conf
Jun 24 12:22:06 freenas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
Jun 24 12:22:07 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Jun 24 12:22:07 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Jun 24 12:22:07 freenas last message repeated 5 times
Jun 24 12:22:07 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmpiwdOTL -e tdbsam:/var/etc/private/passdb.tdb -s /usr/local/etc/smb4.conf
Jun 24 12:22:08 freenas notifier: Performing sanity check on Samba configuration: OK
Jun 24 12:22:08 freenas notifier: Starting nmbd.
Jun 24 12:22:08 freenas notifier: Starting smbd.
Jun 24 12:22:08 freenas notifier: Starting winbindd.
Jun 24 12:22:08 freenas winbindd[86004]: [2014/06/24 12:22:08.181558,  0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
Jun 24 12:22:08 freenas winbindd[86004]:  initialize_winbindd_cache: clearing cache and re-creating with version number 2
[root@freenas] /var/log#


Now if I go to FreeNAS > Settings and change Directory Service to Domain Controller, I can start the Directory Service from the FreeNAS GUI even without options configured. This pushes out a bunch of log errors of course, because it is being told to be a domain controller without a domain name. Now if I switch the Directory Service back to Active Directory, the Directory Service service stays connected and on. I think this is just a bug of GUI. When I try to stop and restart the service from the GUI I get:

Code:
Jun 24 12:31:04 freenas ActiveDirectory: /usr/sbin/service ix-kerberos quietstop
Jun 24 12:31:05 freenas ActiveDirectory: /usr/sbin/service ix-nsswitch quietstop
Jun 24 12:31:05 freenas ActiveDirectory: /usr/sbin/service ix-pam quietstop
Jun 24 12:31:05 freenas ActiveDirectory: /usr/sbin/service ix-kinit forcestop
Jun 24 12:31:05 freenas ActiveDirectory: /usr/sbin/service ix-activedirectory forcestop
Jun 24 12:31:06 freenas ActiveDirectory: /usr/sbin/service ix-cache quietstop &
Jun 24 12:31:07 freenas ActiveDirectory: /usr/sbin/service samba_server forcestop
Jun 24 12:31:07 freenas ActiveDirectory: /usr/sbin/service ix-samba start
Jun 24 12:31:08 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Jun 24 12:31:08 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Jun 24 12:31:08 freenas last message repeated 5 times
Jun 24 12:31:08 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmpQd8LPh -e tdbsam:/var/etc/private/passdb.tdb -s /usr/local/etc/smb4.conf
Jun 24 12:31:08 freenas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
Jun 24 12:31:09 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Jun 24 12:31:09 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Jun 24 12:31:09 freenas last message repeated 5 times
Jun 24 12:31:09 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmpw2GxS5 -e tdbsam:/var/etc/private/passdb.tdb -s /usr/local/etc/smb4.conf
Jun 24 12:31:10 freenas notifier: Performing sanity check on Samba configuration: OK
Jun 24 12:31:10 freenas notifier: Starting nmbd.
Jun 24 12:31:10 freenas notifier: Starting smbd.
Jun 24 12:31:10 freenas notifier: Starting winbindd.
Jun 24 12:31:10 freenas winbindd[95896]: [2014/06/24 12:31:10.316204,  0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
Jun 24 12:31:10 freenas winbindd[95896]:  initialize_winbindd_cache: clearing cache and re-creating with version number 2
Jun 24 12:31:18 freenas winbindd[95897]: [2014/06/24 12:31:18.061345,  0] ../source3/winbindd/winbindd_samr.c:694(sam_sid_to_name)
Jun 24 12:31:18 freenas winbindd[95897]:  sam_sid_to_name: possible deadlock - trying to lookup SID S-1-5-21-763733223-4151458004-3666962686-1000


Only thing different here is the deadlock message at the end.

Anyone got any ideas? My NAS supports several webservers for non critical backup locations and it is a huge trouble for it to be down. Any advice or tips would be fine- again I think it's the Windows Server 2012 R2 network and IPv6 which are causing trouble with samba.
 

Chris Dill

Contributor
Joined
Jan 1, 2014
Messages
116
If you look up that SID it is:

  • SID: S-1-5-21-domain-522
    Name: Cloneable Domain Controllers
    Description: A Global group. Members of this group that are domain controllers may be cloned.
 

Serverbaboon

Dabbler
Joined
Aug 12, 2013
Messages
45
I am running 2012 R2 with no problems (IPv4) but I am not using the NAS box as DC.

Have you done a cleanup of AD to remove the old box, especially if the FreeNAS box has been a domain controller?

One of the error messages suggested there might be some DNS issues. Can you actually ping DILLDESIGN.LOCAL? Also, if you run nslookup DILLDESIGN.LOCAL, does it return valid IP addresses, any invalid?

I know you have some AD knowledge but have you looked up

http://forums.freenas.org/index.php?threads/using-active-directory-with-freenas.18068/

there is another but cannot find it.

Is there a need to have FreeNAS as DC? I tend to feel Microsoft Windows should be the only Domain Controllers just as some people think Windoze should be file servers.
 

Chris Dill

Contributor
Joined
Jan 1, 2014
Messages
116
@Serverbaboon Thanks for the reply! I also am NOT using the NAS as my DC- the only time I am doing anything with that is during troubleshooting of AD. The end goal here is to have the Windows PDC as the only DC in the domain. I have not done a cleanup, but I have formatted and reinstalled FreeNAS several times, which I think would accomplish the same thing. I will try this now though.

I can ping and nslookup everything:

Code:
[root@freenas] ~# nslookup dell.dilldesign.local
Server:        192.168.2.254
Address:        192.168.2.254#53
 
Name:  dell.dilldesign.local
Address: 192.168.2.56
Name:  dell.dilldesign.local
Address: 192.168.2.254
 
[root@freenas] ~# nslookup freenas
Server:        192.168.2.254
Address:        192.168.2.254#53
 
Name:  freenas.dilldesign.local
Address: 192.168.2.57
 
[root@freenas] ~# ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
64 bytes from 192.168.2.1: icmp_seq=0 ttl=64 time=0.531 ms
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=0.585 ms
^C
--- 192.168.2.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.531/0.558/0.585/0.027 ms
[root@freenas] ~# pint 192.168.2.254
 
CORRECT>ping 192.168.2.254 (y|n|e|a)? yes
PING 192.168.2.254 (192.168.2.254): 56 data bytes
64 bytes from 192.168.2.254: icmp_seq=0 ttl=128 time=0.372 ms
64 bytes from 192.168.2.254: icmp_seq=1 ttl=128 time=0.365 ms
^C
--- 192.168.2.254 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.365/0.368/0.372/0.003 ms
 
[root@freenas] ~# nslookup dilldesign.local
Server:         192.168.2.254
Address:        192.168.2.254#53
 
Name:   dilldesign.local
Address: 192.168.2.254
 
[root@freenas] ~#


I can't find the code right now, but I am also able to query the DC for the domain, which resolves to DELL.DILLDESIGN.LOCAL. I agree with you as Windows as the only DC and I am aimed at that. I will read the post you linked, thanks again for the reply!
 

Chris Dill

Contributor
Joined
Jan 1, 2014
Messages
116
After rebuilding AD cache, same message:

Code:
Jun 26 05:42:08 freenas notifier: Stopping smbd.
Jun 26 05:42:09 freenas notifier: Waiting for PIDS: 93416, 93416.
Jun 26 05:42:09 freenas notifier: Stopping nmbd.
Jun 26 05:42:09 freenas notifier: Waiting for PIDS: 93412.
Jun 26 05:42:09 freenas ActiveDirectory: /usr/sbin/service ix-kerberos quietstop
Jun 26 05:42:09 freenas ActiveDirectory: /usr/sbin/service ix-nsswitch quietstop
Jun 26 05:42:09 freenas ActiveDirectory: /usr/sbin/service ix-pam quietstop
Jun 26 05:42:09 freenas ActiveDirectory: /usr/sbin/service ix-kinit forcestop
Jun 26 05:42:09 freenas ActiveDirectory: /usr/sbin/service ix-activedirectory forcestop
Jun 26 05:42:11 freenas ActiveDirectory: /usr/sbin/service ix-cache quietstop &
Jun 26 05:42:11 freenas ActiveDirectory: /usr/sbin/service samba_server forcestop
Jun 26 05:42:11 freenas ActiveDirectory: /usr/sbin/service ix-samba start
Jun 26 05:42:12 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Jun 26 05:42:12 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Jun 26 05:42:12 freenas last message repeated 5 times
Jun 26 05:42:12 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmpFEME92 -e tdbsam:/var/etc/private/passdb.tdb -s /usr/local/etc/smb4.conf
Jun 26 05:42:12 freenas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
Jun 26 05:42:14 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Jun 26 05:42:14 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Jun 26 05:42:14 freenas last message repeated 5 times
Jun 26 05:42:14 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmp4cRTbK -e tdbsam:/var/etc/private/passdb.tdb -s /usr/local/etc/smb4.conf
Jun 26 05:42:14 freenas notifier: Performing sanity check on Samba configuration: OK
Jun 26 05:42:14 freenas notifier: Starting nmbd.
Jun 26 05:42:14 freenas notifier: Starting smbd.
Jun 26 05:42:14 freenas notifier: Starting winbindd.
Jun 26 05:42:14 freenas winbindd[94486]: [2014/06/26 05:42:14.676286,  0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
Jun 26 05:42:14 freenas winbindd[94486]:  initialize_winbindd_cache: clearing cache and re-creating with version number 2
 

Chris Dill

Contributor
Joined
Jan 1, 2014
Messages
116
And here is my ifconfig:
Code:
[root@freenas] ~# ifconfig
bge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
        ether 00:10:18:24:42:bf
        inet 192.168.2.57 netmask 0xffffff00 broadcast 192.168.2.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
ipfw0: flags=8801<UP,SIMPLEX,MULTICAST> metric 0 mtu 65536
        nd6 options=9<PERFORMNUD,IFDISABLED>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0xa
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:f8:91:f0:40:00
        nd6 options=9<PERFORMNUD,IFDISABLED>
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 14 priority 128 path cost 2000
        member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 13 priority 128 path cost 2000
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 12 priority 128 path cost 2000
        member: bge0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:5b:36:00:0c:0a
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
epair1a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:aa:49:00:0d:0a
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
epair2a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:f9:d5:00:0e:0a
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active


I also juggled around IP addresses and changed hostnames, I see a lot of these sorts of messages:

Code:
Jun 26 05:49:40 freenas notifier: add net default: gateway 192.168.2.1
Jun 26 05:49:40 freenas notifier: route: writing to routing socket: File exists
Jun 26 05:49:40 freenas notifier: add net fe80::: gateway ::1 fib 0: route already in table
Jun 26 05:49:40 freenas notifier: route: writing to routing socket: File exists
Jun 26 05:49:40 freenas notifier: add net ff02::: gateway ::1 fib 0: route already in table
Jun 26 05:49:40 freenas notifier: route: writing to routing socket: File exists
Jun 26 05:49:40 freenas notifier: add net ::ffff:0.0.0.0: gateway ::1 fib 0: route already in table
Jun 26 05:49:40 freenas notifier: route: writing to routing socket: File exists
Jun 26 05:49:40 freenas notifier: add net ::0.0.0.0: gateway ::1 fib 0: route already in table
Jun 26 05:49:40 freenas notifier: Will not 'start' rtsold because rtsold_enable is NO.
 

Chris Dill

Contributor
Joined
Jan 1, 2014
Messages
116
This is interesting:

Code:
[root@freenas] ~# wbinfo -t
checking the trust secret for domain DILLDESIGN via RPC calls failed
error code was NT_STATUS_NO_SUCH_DOMAIN (0xc00000df)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret


And:

Code:
[root@freenas] ~# nslookup dilldesign
;; Got SERVFAIL reply from 192.168.2.254, trying next server
Server:        8.8.8.8
Address:        8.8.8.8#53
 
** server can't find dilldesign: NXDOMAIN
 
[root@freenas] ~# nslookup dilldesign.local
Server:        192.168.2.254
Address:        192.168.2.254#53
 
Name:  dilldesign.local
Address: 192.168.2.254
 

Serverbaboon

Dabbler
Joined
Aug 12, 2013
Messages
45
I would not expect the Netbios name to resolve with nslookup.

By cleanup I mean of your AD infrastructure, in AD Users and Computers and AD Sites and Services are there any references to the freenas box?

I need to check my own system to see what its join messages are, but have you used the fully qualified domain name in your setup?

I am not sure if telnet is installed by default, but if it is, try telnetting to your DC on some well known ports.

telnet 192.168.2.254 88
telnet 192.168.2.254 445 (and 139)
telnet 192.168.2.254 3268 (if GC)

Just checking there are no firewalls on the DC getting in the way; it's only a check on TCP, I know.
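
The same TCP checks can be scripted where telnet is not installed. This is an added example, not part of the original post: it assumes Python 3 on the host running the check, the port list is the one named in the thread plus the LDAP port from `net ads info`, and `probe`, `check_dc` and `blocked` are hypothetical helper names. As the post says, it only shows TCP reachability.

```python
import errno
import socket

# TCP ports from the thread: the telnet checks (88, 445, 139, 3268) and the
# LDAP port that `net ads info` reported (389).
AD_TCP_PORTS = {
    88: "Kerberos KDC",
    139: "NetBIOS session service",
    389: "LDAP",
    445: "SMB",
    3268: "Global Catalog (only if the DC is a GC)",
}


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt rather than reading telnet output."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # handshake completed, something is listening
    except ConnectionRefusedError:
        return "refused"       # RST came back: no listener, or a rejecting firewall
    except socket.timeout:
        return "timeout"       # no answer: packets dropped or host unreachable
    except OSError as exc:
        return "error:" + errno.errorcode.get(exc.errno, "unknown")


def check_dc(host, ports=AD_TCP_PORTS, timeout=3.0):
    """Probe every port in `ports` and return {port: state}."""
    return {port: probe(host, port, timeout) for port in sorted(ports)}


def blocked(results, optional=(3268,)):
    """Ports that did not open, ignoring ones only expected on some DCs."""
    return [p for p, state in results.items()
            if state != "open" and p not in optional]


if __name__ == "__main__":
    import sys
    # Default is the DC address that appears in the thread.
    host = sys.argv[1] if len(sys.argv) > 1 else "192.168.2.254"
    results = check_dc(host)
    for port, state in results.items():
        print(f"{host}:{port:<5} {AD_TCP_PORTS[port]:<40} {state}")
    sys.exit(1 if blocked(results) else 0)
```

A "timeout" points at filtering between the two hosts, while "refused" means the DC answered but nothing accepted the connection on that port.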
 

Chris Dill

Contributor
Joined
Jan 1, 2014
Messages
116
Thanks! Yes my AD is clean- I run AD at home for 4 users, so it is not that hard to keep up with. I do have my FQDN set up- AD integration was working before I migrated my DC to a new physical server, and even after that for a little bit. There is no firewall in the way, I can telnet in on common ports. At this point I have given up with working AD integration and just deal with the permissions nonsense.

I use a couple of other servers which run on Linux which use AD integration and they work just swell.
 

Chris Dill

Contributor
Joined
Jan 1, 2014
Messages
116
I am seeing a lot of these, even without AD integration

Code:
Jul  2 12:14:00 FREENAS winbindd[7123]: [2014/07/02 12:14:00.654812,  0] ../source3/winbindd/winbindd_samr.c:769(sam_rids_to_names)
Jul  2 12:14:00 FREENAS winbindd[7123]:  sam_rids_to_names: possible deadlock - trying to lookup SID S-1-5-21-433424832-3480657541-2858644693
Jul  2 12:14:00 FREENAS winbindd[7123]: [2014/07/02 12:14:00.674629,  0] ../source3/winbindd/winbindd_samr.c:769(sam_rids_to_names)
Jul  2 12:14:00 FREENAS winbindd[7123]:  sam_rids_to_names: possible deadlock - trying to lookup SID S-1-5-21-763733223-4151458004-3666962686
Jul  2 12:14:01 FREENAS winbindd[7123]: [2014/07/02 12:14:01.078334,  0] ../source3/winbindd/winbindd_samr.c:769(sam_rids_to_names)
Jul  2 12:14:01 FREENAS winbindd[7123]:  sam_rids_to_names: possible deadlock - trying to lookup SID S-1-5-21-433424832-3480657541-2858644693
Jul  2 12:14:01 FREENAS winbindd[7123]: [2014/07/02 12:14:01.488728,  0] ../source3/winbindd/winbindd_samr.c:769(sam_rids_to_names)
Jul  2 12:14:01 FREENAS winbindd[7123]:  sam_rids_to_names: possible deadlock - trying to lookup SID S-1-5-21-763733223-4151458004-3666962686
Jul  2 12:14:12 FREENAS winbindd[7123]: [2014/07/02 12:14:12.496911,  0] ../source3/winbindd/winbindd_samr.c:769(sam_rids_to_names)
Jul  2 12:14:12 FREENAS winbindd[7123]:  sam_rids_to_names: possible deadlock - trying to lookup SID S-1-5-21-433424832-3480657541-2858644693
Jul  2 12:14:12 FREENAS winbindd[7123]: [2014/07/02 12:14:12.497319,  0] ../source3/winbindd/winbindd_samr.c:769(sam_rids_to_names)
Jul  2 12:14:12 FREENAS winbindd[7123]:  sam_rids_to_names: possible deadlock - trying to lookup SID S-1-5-21-763733223-4151458004-3666962686
Jul  2 12:14:12 FREENAS winbindd[7123]: [2014/07/02 12:14:12.907939,  0] ../source3/winbindd/winbindd_samr.c:769(sam_rids_to_names)
Jul  2 12:14:12 FREENAS winbindd[7123]:  sam_rids_to_names: possible deadlock - trying to lookup SID S-1-5-21-433424832-3480657541-2858644693
Jul  2 12:14:13 FREENAS winbindd[7123]: [2014/07/02 12:14:13.304609,  0] ../source3/winbindd/winbindd_samr.c:769(sam_rids_to_names)
Jul  2 12:14:13 FREENAS winbindd[7123]:  sam_rids_to_names: possible deadlock - trying to lookup SID S-1-5-21-763733223-4151458004-3666962686
 

Chris Dill

Contributor
Joined
Jan 1, 2014
Messages
116
More code, this is driving me nuts.

Code:
[root@FREENAS] ~# date
Wed Jul  2 14:30:17 EDT 2014
[root@FREENAS] ~# net ads info
LDAP server: 192.168.2.254
LDAP server name: DELL.DILLDESIGN.local
Realm: DILLDESIGN.LOCAL
Bind Path: dc=DILLDESIGN,dc=LOCAL
LDAP port: 389
Server time: Wed, 02 Jul 2014 14:30:18 EDT
KDC server: 192.168.2.254
Server time offset: 0
[root@FREENAS] ~# net ads leave
Enter root's password:
Failed to leave domain: Unable to fetch domain sid: are we joined?


As you can see here, it is pulling permissions and SID from AD- it is actually connecting to AD fine, it just will not join:

Code:
[root@FREENAS] ~# net ads status
Enter root's password:
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: FREENAS
distinguishedName: CN=FREENAS,CN=Computers,DC=DILLDESIGN,DC=local
instanceType: 4
whenCreated: 20140702180924.0Z
whenChanged: 20140702182258.0Z
uSNCreated: 75475
uSNChanged: 75521
-------------- Security Descriptor (revision: 1, type: 0x8c14)
owner SID: S-1-5-21-1250655727-3960698816-3196376499-512
group SID: S-1-5-21-1250655727-3960698816-3196376499-512
------- (system) ACL (revision: 4, size: 120, number of ACEs: 2)
------- ACE (type: 0x07, flags: 0x5a, size: 0x38, mask: 0x20, object flags: 0x3)
access SID:  S-1-1-0
access type: AUDIT OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: f30e3bbe-9ff0-11d1-b603-0000f80367c1 (LDAP attribute: "gPLink")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: bf967aa5-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "organizationalUnit")
Permissions:
        [Write All Properties] (0x00000020)
------- ACE (type: 0x07, flags: 0x5a, size: 0x38, mask: 0x20, object flags: 0x3)
access SID:  S-1-1-0
access type: AUDIT OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: f30e3bbf-9ff0-11d1-b603-0000f80367c1 (LDAP attribute: "gPOptions")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: bf967aa5-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "organizationalUnit")
Permissions:
        [Write All Properties] (0x00000020)
------- (user) ACL (revision: 4, size: 1568, number of ACEs: 35)
------- ACE (type: 0x05, flags: 0x00, size: 0x38, mask: 0x30, object flags: 0x1)
access SID:  S-1-5-21-1250655727-3960698816-3196376499-517
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: bf967a7f-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "userCertificate")
Permissions:
        [Read All Properties] (0x00000010)
        [Write All Properties] (0x00000020)
------- ACE (type: 0x05, flags: 0x00, size: 0x2c, mask: 0x3, object flags: 0x1)
access SID:  S-1-5-32-550
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: bf967aa8-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "printQueue")
Permissions:
        [Create All Child Objects] (0x00000001)
        [Delete All Child Objects] (0x00000002)
------- ACE (type: 0x05, flags: 0x00, size: 0x2c, mask: 0x10, object flags: 0x1)
access SID:  S-1-5-32-560
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: 46a9b11d-60ae-405a-b7e8-ff8a58d456d2 (LDAP attribute: "tokenGroupsGlobalAndUniversal")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x00, size: 0x28, mask: 0x8, object flags: 0x1)
access SID:  S-1-5-10
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: 72e39547-7b18-11d1-adef-00c04fd8d5cd (LDAP attribute: "dNSHostName")
Permissions:
        [All validate writes] (0x00000008)
------- ACE (type: 0x05, flags: 0x00, size: 0x28, mask: 0x8, object flags: 0x1)
access SID:  S-1-5-10
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: f3a64788-5306-11d1-a9c5-0000f80367c1 (LDAP attribute: "servicePrincipalName")
Permissions:
        [All validate writes] (0x00000008)
------- ACE (type: 0x05, flags: 0x00, size: 0x28, mask: 0x30, object flags: 0x1)
access SID:  S-1-5-10
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: 77b5b886-944a-11d1-aebd-0000f80367c1 (Extended right: "Personal Information")
Permissions:
        [Read All Properties] (0x00000010)
        [Write All Properties] (0x00000020)
------- ACE (type: 0x00, flags: 0x00, size: 0x24, mask: 0xf01ff)
access SID:  S-1-5-21-1250655727-3960698816-3196376499-512
access type: ALLOWED
Permissions: [Full Control]
------- ACE (type: 0x00, flags: 0x00, size: 0x24, mask: 0xf01ff)
access SID:  S-1-5-21-1250655727-3960698816-3196376499-1615
access type: ALLOWED
Permissions: [Full Control]
------- ACE (type: 0x00, flags: 0x00, size: 0x18, mask: 0xf01ff)
access SID:  S-1-5-32-548
access type: ALLOWED
Permissions: [Full Control]
------- ACE (type: 0x00, flags: 0x00, size: 0x14, mask: 0x3)
access SID:  S-1-5-10
access type: ALLOWED
Permissions:
        [Create All Child Objects] (0x00000001)
        [Delete All Child Objects] (0x00000002)
------- ACE (type: 0x00, flags: 0x00, size: 0x14, mask: 0x20094)
access SID:  S-1-5-11
access type: ALLOWED
Permissions:
        [List Contents] (0x00000004)
        [Read All Properties] (0x00000010)
        [List Object] (0x00000080)
        [Read Permissions] (0x00020000)
------- ACE (type: 0x00, flags: 0x00, size: 0x14, mask: 0xf01ff)
access SID:  S-1-1-0
access type: ALLOWED
Permissions: [Full Control]
------- ACE (type: 0x00, flags: 0x00, size: 0x14, mask: 0xf01ff)
access SID:  S-1-5-18
access type: ALLOWED
Permissions: [Full Control]
------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)
access SID:  S-1-5-32-554
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: 4c164200-20c0-11d0-a768-00aa006e0529 (Extended right: "Account Restrictions")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: 4828cc14-1437-45bc-9b07-ad6f015e5f28 (LDAP attribute: "inetOrgPerson")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)
access SID:  S-1-5-32-554
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: 4c164200-20c0-11d0-a768-00aa006e0529 (Extended right: "Account Restrictions")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: bf967aba-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "user")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)
access SID:  S-1-5-32-554
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf (Extended right: "Logon Information")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: 4828cc14-1437-45bc-9b07-ad6f015e5f28 (LDAP attribute: "inetOrgPerson")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)
access SID:  S-1-5-32-554
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: 5f202010-79a5-11d0-9020-00c04fc2d4cf (Extended right: "Logon Information")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: bf967aba-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "user")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)
access SID:  S-1-5-32-554
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: bc0ac240-79a9-11d0-9020-00c04fc2d4cf (Extended right: "Group Membership")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: 4828cc14-1437-45bc-9b07-ad6f015e5f28 (LDAP attribute: "inetOrgPerson")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)
access SID:  S-1-5-32-554
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: bc0ac240-79a9-11d0-9020-00c04fc2d4cf (Extended right: "Group Membership")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: bf967aba-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "user")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)
access SID:  S-1-5-32-554
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf (Extended right: "General Information")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: 4828cc14-1437-45bc-9b07-ad6f015e5f28 (LDAP attribute: "inetOrgPerson")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)
access SID:  S-1-5-32-554
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf (Extended right: "General Information")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: bf967aba-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "user")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)
access SID:  S-1-5-32-554
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: 037088f8-0ae1-11d2-b422-00a0c968f939 (Extended right: "Remote Access Information")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: 4828cc14-1437-45bc-9b07-ad6f015e5f28 (LDAP attribute: "inetOrgPerson")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x1a, size: 0x3c, mask: 0x10, object flags: 0x3)
access SID:  S-1-5-32-554
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: 037088f8-0ae1-11d2-b422-00a0c968f939 (Extended right: "Remote Access Information")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: bf967aba-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "user")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x10, object flags: 0x3)
access SID:  S-1-5-9
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: b7c69e6d-2cc7-11d2-854e-00a0c983f608 (LDAP attribute: "tokenGroups")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: bf967a86-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "computer")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x1a, size: 0x38, mask: 0x10, object flags: 0x3)
access SID:  S-1-5-9
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: b7c69e6d-2cc7-11d2-854e-00a0c983f608 (LDAP attribute: "tokenGroups")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: bf967a9c-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "group")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x1a, size: 0x38, mask: 0x10, object flags: 0x3)
access SID:  S-1-5-9
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: b7c69e6d-2cc7-11d2-854e-00a0c983f608 (LDAP attribute: "tokenGroups")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: bf967aba-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "user")
Permissions:
        [Read All Properties] (0x00000010)
------- ACE (type: 0x05, flags: 0x12, size: 0x38, mask: 0x20, object flags: 0x3)
access SID:  S-1-5-10
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: ea1b7b93-5e48-46d5-bc6c-4df4fda78a35 (LDAP attribute: "msTPM-TpmInformationForComputer")
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: bf967a86-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "computer")
Permissions:
        [Write All Properties] (0x00000020)
------- ACE (type: 0x05, flags: 0x1a, size: 0x2c, mask: 0x20094, object flags: 0x2)
access SID:  S-1-5-32-554
access type: ALLOWED OBJECT
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: 4828cc14-1437-45bc-9b07-ad6f015e5f28 (LDAP attribute: "inetOrgPerson")
Permissions:
        [List Contents] (0x00000004)
        [Read All Properties] (0x00000010)
        [List Object] (0x00000080)
        [Read Permissions] (0x00020000)
------- ACE (type: 0x05, flags: 0x1a, size: 0x2c, mask: 0x20094, object flags: 0x2)
access SID:  S-1-5-32-554
access type: ALLOWED OBJECT
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: bf967a9c-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "group")
Permissions:
        [List Contents] (0x00000004)
        [Read All Properties] (0x00000010)
        [List Object] (0x00000080)
        [Read Permissions] (0x00020000)
------- ACE (type: 0x05, flags: 0x1a, size: 0x2c, mask: 0x20094, object flags: 0x2)
access SID:  S-1-5-32-554
access type: ALLOWED OBJECT
Object type: SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT
Object GUID: bf967aba-0de6-11d0-a285-00aa003049e2 (LDAP attribute: "user")
Permissions:
        [List Contents] (0x00000004)
        [Read All Properties] (0x00000010)
        [List Object] (0x00000080)
        [Read Permissions] (0x00020000)
------- ACE (type: 0x05, flags: 0x13, size: 0x28, mask: 0x30, object flags: 0x1)
access SID:  S-1-5-10
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: 3f78c3e5-f79a-46bd-a0b8-9d18116ddc79 (LDAP attribute: "msDS-AllowedToActOnBehalfOfOtherIdentity")
Permissions:
        [Read All Properties] (0x00000010)
        [Write All Properties] (0x00000020)
------- ACE (type: 0x05, flags: 0x12, size: 0x28, mask: 0x130, object flags: 0x1)
access SID:  S-1-5-10
access type: ALLOWED OBJECT
Object type: SEC_ACE_OBJECT_TYPE_PRESENT
Object GUID: 91e647de-d96f-4b70-9557-d63ff4f3ccd8 (Extended right: "Private Information")
Permissions:
        [Read All Properties] (0x00000010)
        [Write All Properties] (0x00000020)
        [Change Password] (0x00000100)
        [Reset Password] (0x00000100)
------- ACE (type: 0x00, flags: 0x12, size: 0x24, mask: 0xf01ff)
access SID:  S-1-5-21-1250655727-3960698816-3196376499-519
access type: ALLOWED
Permissions: [Full Control]
------- ACE (type: 0x00, flags: 0x12, size: 0x18, mask: 0x4)
access SID:  S-1-5-32-554
access type: ALLOWED
Permissions:
        [List Contents] (0x00000004)
------- ACE (type: 0x00, flags: 0x12, size: 0x18, mask: 0xf01bd)
access SID:  S-1-5-32-544
access type: ALLOWED
Permissions:
        [Create All Child Objects] (0x00000001)
        [List Contents] (0x00000004)
        [All validate writes] (0x00000008)
        [Read All Properties] (0x00000010)
        [Write All Properties] (0x00000020)
        [List Object] (0x00000080)
        [Change Password] (0x00000100)
        [Reset Password] (0x00000100)
        [Delete] (0x00010000)
        [Read Permissions] (0x00020000)
        [Modify Permissions] (0x00040000)
        [Modify Owner] (0x00080000)
-------------- End Of Security Descriptor
name: FREENAS
objectGUID: 4dc027db-ab5e-46ac-9be7-d93ba007d134
userAccountControl: 528416
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
localPolicyFlags: 0
pwdLastSet: 130487981649368275
primaryGroupID: 515
userParameters: m:                    d
objectSid: S-1-5-21-1250655727-3960698816-3196376499-1614
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: FREENAS$
sAMAccountType: 805306369
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=DILLDESIGN,DC=local
isCriticalSystemObject: FALSE
msNPAllowDialin: TRUE
dSCorePropagationData: 20140702182258.0Z
dSCorePropagationData: 20140702180948.0Z
dSCorePropagationData: 16010101000000.0Z
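
The account attributes at the end of the dump above are raw integers. The following is an added example, not part of the original post, that decodes `userAccountControl` and the FILETIME fields using the values copied from the dump; the flag table is a subset of Microsoft's documented bits, and the `REVIEW` set is this example's own choice of bits to double-check on a member server.

```python
from datetime import datetime, timedelta, timezone

# Subset of Microsoft's documented userAccountControl bits.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x400000: "DONT_REQ_PREAUTH",
    0x1000000: "TRUSTED_TO_AUTH_FOR_DELEGATION",
}
# Assumption of this example: bits a reviewer confirms are intended.
REVIEW = {"PASSWD_NOTREQD", "TRUSTED_FOR_DELEGATION", "DONT_REQ_PREAUTH",
          "TRUSTED_TO_AUTH_FOR_DELEGATION"}
NEVER = 0x7FFFFFFFFFFFFFFF  # accountExpires value meaning "never"
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Values copied from the dump above (only the lines this example decodes).
SAMPLE = """\
userAccountControl: 528416
pwdLastSet: 130487981649368275
accountExpires: 9223372036854775807
sAMAccountName: FREENAS$
"""

def parse_attrs(text):
    """Parse 'name: value' lines; a repeated name keeps its first value."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(": ")
        if sep:
            attrs.setdefault(name.strip(), value.strip())
    return attrs

def decode_uac(value):
    """Names of the set bits, lowest bit first; unknown bits as one hex string."""
    names = [n for bit, n in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)
    return names + ([hex(unknown)] if unknown else [])

def filetime_to_utc(value):
    """100-ns ticks since 1601-01-01 UTC -> datetime, or None for 0/never."""
    if value in (0, NEVER):
        return None
    return EPOCH_1601 + timedelta(microseconds=value // 10)

def summarize(text):
    a = parse_attrs(text)
    flags = decode_uac(int(a["userAccountControl"]))
    return {"account": a["sAMAccountName"], "flags": flags,
            "review": [f for f in flags if f in REVIEW],
            "pwd_last_set": filetime_to_utc(int(a["pwdLastSet"])),
            "expires": filetime_to_utc(int(a["accountExpires"]))}
```

Calling `summarize(SAMPLE)` returns the decoded flags and timestamps for the `FREENAS$` account; the decoded `pwdLastSet` falls on the same day as the newest `dSCorePropagationData` entry in the dump.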
 

Chris Dill

Contributor
Joined
Jan 1, 2014
Messages
116
I am on 9.2.1.6 and there is no change. I also have server max set to SMB2.
 

kleinem

Dabbler
Joined
Jul 29, 2014
Messages
10
Try to add the following line to /etc/ix/templates/kerberos/krb5.conf

Code:
[libdefaults]
  default_etypes = arcfour-hmac-md5
 
Last edited:
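
The setting suggested above restricts the Kerberos client to RC4-HMAC. The following is an added example, not part of the original post or of FreeNAS, that audits a krb5.conf for enctype lists naming DES, 3DES or RC4 (deprecated by RFC 6649 and RFC 8429), so a workaround like this can be found and reverted later. The key names are the Heimdal and MIT spellings as assumed by this example, and both sample files are constructed.

```python
import re

# Enctype names or families deprecated for Kerberos:
# single DES (RFC 6649), 3DES and RC4-HMAC (RFC 8429).
WEAK = re.compile(r"^(des3?|arcfour|rc4)(-|$)", re.I)
# Enctype-list keys in [libdefaults] (assumed Heimdal and MIT spellings).
ETYPE_KEYS = {"default_etypes", "default_as_etypes", "default_tgs_etypes",
              "default_tkt_enctypes", "default_tgs_enctypes",
              "permitted_enctypes"}

# Constructed sample: the line from the post above.
SAMPLE_PAGE = "[libdefaults]\n  default_etypes = arcfour-hmac-md5\n"
# Constructed sample: AES preferred, RC4 still allowed as a fallback.
SAMPLE_MIXED = """\
[libdefaults]
  default_realm = EXAMPLE.TEST
  permitted_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 rc4-hmac
[domain_realm]
  .example.test = EXAMPLE.TEST
"""

def libdefaults(text):
    """Yield (key, value) pairs from the [libdefaults] section only."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1).lower()
        elif section == "libdefaults" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            yield key.lower(), value

def audit(text):
    """Return (key, level, weak_names) for each enctype list naming a weak type."""
    findings = []
    for key, value in libdefaults(text):
        if key not in ETYPE_KEYS:
            continue
        etypes = value.replace(",", " ").split()
        weak = [e for e in etypes if WEAK.match(e)]
        if weak:
            # weak-only: no strong enctype left to negotiate.
            level = "weak-only" if len(weak) == len(etypes) else "weak-allowed"
            findings.append((key, level, weak))
    return findings
```

`audit(SAMPLE_PAGE)` reports the posted line as `weak-only`, while the mixed sample is reported as `weak-allowed` because AES remains available.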

Chris Dill

Contributor
Joined
Jan 1, 2014
Messages
116
So I fixed this issue by completely formatting and reinstalling FreeNAS, including all disks and shares. It remained stable for a month or so. Then, on one random reboot, Directory Services would not start. And now it is exactly where it was, same exact symptoms and problems. I am pretty close to abandoning FreeNAS and just installing a Windows file server that can join the domain. Not having access to any of my CIFS shares is proving problematic.
 

averyfreeman

Contributor
Joined
Feb 8, 2015
Messages
164

tvsjr

Guru
Joined
Aug 29, 2015
Messages
959