SOLVED Can't Join AD (all of a sudden)

IonutZ · Jan 4, 2017

Hey guys,

Had a perfectly working configuration. It could be that the latest update messed things up for me, but now I get "AD_join_domain: Failed" with absolutely no reason. Can you guys suggest any remedy? Been at this for 8 hours now resolving all of my DC's errors and to no avail... tried everything under the sun. I'm inclined to think it's a NetBIOS issue because I can't seem to get my DC to become the domain master browser - but at the same time, everything has worked fine up until a few days ago... (for months). Thought it might have been a Kerberos issue, but my username still authenticates fine.

Code:

Jan  4 17:59:30 mynas adtool: [common.pipesubr:66] Popen()ing: klist
Jan  4 17:59:30 mynas adtool: [common.pipesubr:66] Popen()ing: /usr/bin/kinit --renewable --password-file=/tmp/tmpjPeQsU mynas@spank.US
Jan  4 17:59:30 mynas ActiveDirectory: /usr/local/bin/python /usr/local/bin/midclt call notifier.stop cifs
Jan  4 17:59:31 mynas notifier: Stopping winbindd.
Jan  4 17:59:31 mynas winbindd[17402]: [2017/01/04 17:59:31.020054,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
Jan  4 17:59:31 mynas winbindd[17402]:   Got sig[15] terminate (is_parent=1)
Jan  4 17:59:31 mynas winbindd[17403]: [2017/01/04 17:59:31.021211,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
Jan  4 17:59:31 mynas winbindd[17403]:   Got sig[15] terminate (is_parent=0)
Jan  4 17:59:31 mynas notifier: Waiting for PIDS: 17402.
Jan  4 17:59:31 mynas notifier: Stopping smbd.
Jan  4 17:59:32 mynas notifier: Waiting for PIDS: 17396, 17396.
Jan  4 17:59:32 mynas notifier: Stopping nmbd.
Jan  4 17:59:32 mynas nmbd[17392]: [2017/01/04 17:59:32.040782,  0] ../source3/nmbd/nmbd.c:58(terminate)
Jan  4 17:59:32 mynas nmbd[17392]:   Got SIGTERM: going down...
Jan  4 17:59:32 mynas notifier: Waiting for PIDS: 17392.
Jan  4 17:59:32 mynas ActiveDirectory: /usr/sbin/service ix-hostname quietstart
Jan  4 17:59:32 mynas ActiveDirectory: /usr/sbin/service ix-kerberos quietstart default spank.US
Jan  4 17:59:32 mynas ActiveDirectory: /usr/sbin/service ix-nsswitch quietstart
Jan  4 17:59:32 mynas ActiveDirectory: /usr/sbin/service ix-ldap quietstart
Jan  4 17:59:32 mynas ActiveDirectory: /usr/sbin/service ix-kinit quietstart
Jan  4 17:59:32 mynas ActiveDirectory: kerberos_start: /usr/bin/kinit --renewable --password-file=/tmp/tmp.mUcPS1Ev mynas@spank.US
Jan  4 17:59:33 mynas ActiveDirectory: kerberos_start: Successful
Jan  4 17:59:33 mynas ActiveDirectory: /usr/sbin/service ix-kinit status
Jan  4 17:59:34 mynas ActiveDirectory: kerberos_status: klist -t
Jan  4 17:59:34 mynas ActiveDirectory: kerberos_status: Successful
Jan  4 17:59:34 mynas ActiveDirectory: /usr/local/bin/python /usr/local/bin/midclt call notifier.start cifs
Jan  4 17:59:34 mynas notifier: Performing sanity check on Samba configuration: OK
Jan  4 17:59:34 mynas notifier: Starting nmbd.
Jan  4 17:59:34 mynas nmbd[19443]: [2017/01/04 17:59:34.995474,  2] ../source3/lib/tallocmsg.c:56(register_msg_pool_usage)
Jan  4 17:59:34 mynas nmbd[19443]:   Registered MSG_REQ_POOL_USAGE
Jan  4 17:59:34 mynas nmbd[19443]: [2017/01/04 17:59:34.995546,  2] ../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs)
Jan  4 17:59:34 mynas nmbd[19443]:   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.997828,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:34 mynas nmbd[19444]:   added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.997859,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:34 mynas nmbd[19444]:   added interface igb0 ip=24.0.0.10 bcast=24.0.255.255 netmask=255.255.0.0
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.997894,  2] ../source3/nmbd/nmbd_subnetdb.c:180(make_subnet)
Jan  4 17:59:34 mynas nmbd[19444]:   making subnet name:24.0.0.10 Broadcast address:24.0.255.255 Subnet mask:255.255.0.0
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.997905,  2] ../source3/nmbd/nmbd_subnetdb.c:311(create_subnets)
Jan  4 17:59:34 mynas nmbd[19444]:   create_subnets: Ignoring loopback interface.
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.997913,  2] ../source3/nmbd/nmbd_subnetdb.c:180(make_subnet)
Jan  4 17:59:34 mynas nmbd[19444]:   making subnet name:UNICAST_SUBNET Broadcast address:24.0.0.10 Subnet mask:24.0.0.10
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.997923,  2] ../source3/nmbd/nmbd_subnetdb.c:180(make_subnet)
Jan  4 17:59:34 mynas nmbd[19444]:   making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.997932,  2] ../source3/nmbd/nmbd_subnetdb.c:180(make_subnet)
Jan  4 17:59:34 mynas nmbd[19444]:   making subnet name:WINS_SERVER_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.997953,  2] ../source3/nmbd/nmbd_lmhosts.c:43(load_lmhosts_file)
Jan  4 17:59:34 mynas nmbd[19444]:   load_lmhosts_file: Can't open lmhosts file /usr/local/etc/lmhosts. Error was No such file or directory
Jan  4 17:59:34 mynas notifier: Starting smbd.
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.998463,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Jan  4 17:59:34 mynas nmbd[19444]:   STATUS=daemon 'nmbd' finished starting up and ready to serve connections
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.998765,  0] ../source3/nmbd/nmbd_become_dmb.c:339(become_domain_master_browser_wins)
Jan  4 17:59:34 mynas nmbd[19444]:   become_domain_master_browser_wins:
Jan  4 17:59:34 mynas nmbd[19444]:   Attempting to become domain master browser on workgroup spankDC, subnet UNICAST_SUBNET.
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.998784,  0] ../source3/nmbd/nmbd_become_dmb.c:353(become_domain_master_browser_wins)
Jan  4 17:59:34 mynas nmbd[19444]:   become_domain_master_browser_wins: querying WINS server from IP 24.0.0.10 for domain master browser name spankDC<1b> on workgroup spankDC
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.998872,  2] ../source3/nmbd/nmbd_become_dmb.c:181(become_domain_master_stage1)
Jan  4 17:59:34 mynas nmbd[19444]:   become_domain_master_stage1: Becoming domain master browser for workgroup spankDC on subnet UNICAST_SUBNET
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.998990,  0] ../source3/nmbd/nmbd_become_dmb.c:112(become_domain_master_stage2)
Jan  4 17:59:34 mynas nmbd[19444]:   *****
Jan  4 17:59:34 mynas nmbd[19444]:
Jan  4 17:59:34 mynas nmbd[19444]:   Samba server mynas is now a domain master browser for workgroup spankDC on subnet UNICAST_SUBNET
Jan  4 17:59:34 mynas nmbd[19444]:
Jan  4 17:59:34 mynas nmbd[19444]:   *****
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.999024,  0] ../source3/nmbd/nmbd_become_dmb.c:294(become_domain_master_browser_bcast)
Jan  4 17:59:34 mynas nmbd[19444]:   become_domain_master_browser_bcast:
Jan  4 17:59:34 mynas nmbd[19444]:   Attempting to become domain master browser on workgroup spankDC on subnet 24.0.0.10
Jan  4 17:59:34 mynas nmbd[19444]: [2017/01/04 17:59:34.999036,  0] ../source3/nmbd/nmbd_become_dmb.c:307(become_domain_master_browser_bcast)
Jan  4 17:59:34 mynas nmbd[19444]:   become_domain_master_browser_bcast: querying subnet 24.0.0.10 for domain master browser on workgroup spankDC
Jan  4 17:59:35 mynas smbd[19447]: [2017/01/04 17:59:35.037054,  2] ../source3/param/loadparm.c:2689(lp_do_section)
Jan  4 17:59:35 mynas smbd[19447]:   Processing section "[spank]"
Jan  4 17:59:35 mynas smbd[19447]: [2017/01/04 17:59:35.037359,  2] ../source3/param/loadparm.c:2689(lp_do_section)
Jan  4 17:59:35 mynas smbd[19447]:   Processing section "[Media]"
Jan  4 17:59:35 mynas smbd[19447]: [2017/01/04 17:59:35.037596,  2] ../source3/param/loadparm.c:2689(lp_do_section)
Jan  4 17:59:35 mynas smbd[19447]:   Processing section "[Music]"
Jan  4 17:59:35 mynas smbd[19447]: [2017/01/04 17:59:35.037824,  2] ../source3/param/loadparm.c:2689(lp_do_section)
Jan  4 17:59:35 mynas smbd[19447]:   Processing section "[Personal]"
Jan  4 17:59:35 mynas smbd[19447]: [2017/01/04 17:59:35.038169,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:35 mynas smbd[19447]:   added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
Jan  4 17:59:35 mynas smbd[19447]: [2017/01/04 17:59:35.038192,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:35 mynas smbd[19447]:   added interface igb0 ip=24.0.0.10 bcast=24.0.255.255 netmask=255.255.0.0
Jan  4 17:59:35 mynas smbd[19447]: [2017/01/04 17:59:35.038251,  1] ../source3/profile/profile_dummy.c:30(set_profile_level)
Jan  4 17:59:35 mynas smbd[19447]:   INFO: Profiling support unavailable in this build.
Jan  4 17:59:35 mynas smbd[19448]: [2017/01/04 17:59:35.039292,  2] ../source3/passdb/pdb_interface.c:160(make_pdb_method_name)
Jan  4 17:59:35 mynas smbd[19448]:   No builtin backend found, trying to load plugin
Jan  4 17:59:35 mynas smbd[19448]: [2017/01/04 17:59:35.039569,  2] ../lib/util/modules.c:196(do_smb_load_module)
Jan  4 17:59:35 mynas smbd[19448]:   Module 'tdbsam' loaded
Jan  4 17:59:35 mynas notifier: Starting winbindd.
Jan  4 17:59:35 mynas smbd[19448]: [2017/01/04 17:59:35.043532,  1] ../source3/smbd/files.c:218(file_init_global)
Jan  4 17:59:35 mynas smbd[19448]:   file_init_global: Information only: requested 941663 open files, 59392 are available.
Jan  4 17:59:35 mynas smbd[19448]: [2017/01/04 17:59:35.045273,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Jan  4 17:59:35 mynas smbd[19448]:   STATUS=daemon 'smbd' finished starting up and ready to serve connections
Jan  4 17:59:35 mynas smbd[19448]: [2017/01/04 17:59:35.045434,  2] ../source3/smbd/server.c:1125(smbd_parent_loop)
Jan  4 17:59:35 mynas smbd[19448]:   waiting for connections
Jan  4 17:59:35 mynas winbindd[19451]: [2017/01/04 17:59:35.074923,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:35 mynas winbindd[19451]:   added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
Jan  4 17:59:35 mynas winbindd[19451]: [2017/01/04 17:59:35.075041,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:35 mynas winbindd[19451]:   added interface igb0 ip=24.0.0.10 bcast=24.0.255.255 netmask=255.255.0.0
Jan  4 17:59:35 mynas winbindd[19451]: [2017/01/04 17:59:35.075464,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:35 mynas winbindd[19451]:   added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
Jan  4 17:59:35 mynas winbindd[19451]: [2017/01/04 17:59:35.075487,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:35 mynas winbindd[19451]:   added interface igb0 ip=24.0.0.10 bcast=24.0.255.255 netmask=255.255.0.0
Jan  4 17:59:35 mynas winbindd[19454]: [2017/01/04 17:59:35.079306,  1] ../source3/lib/tdb_validate.c:480(tdb_validate_and_backup)
Jan  4 17:59:35 mynas winbindd[19454]:   tdb '/var/db/samba4/winbindd_cache.tdb' is valid
Jan  4 17:59:35 mynas winbindd[19454]: [2017/01/04 17:59:35.102778,  1] ../source3/lib/tdb_validate.c:490(tdb_validate_and_backup)
Jan  4 17:59:35 mynas winbindd[19454]:   Created backup '/var/db/samba4/winbindd_cache.tdb.bak' of tdb '/var/db/samba4/winbindd_cache.tdb'
Jan  4 17:59:35 mynas winbindd[19454]: [2017/01/04 17:59:35.103142,  2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
Jan  4 17:59:35 mynas winbindd[19454]:   Added domain BUILTIN (null) S-1-5-32
Jan  4 17:59:35 mynas winbindd[19454]: [2017/01/04 17:59:35.103196,  2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
Jan  4 17:59:35 mynas winbindd[19454]:   Added domain mynas (null) S-1-5-21-3441049416-3890697936-3376474394
Jan  4 17:59:35 mynas winbindd[19454]: [2017/01/04 17:59:35.103238,  2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
Jan  4 17:59:35 mynas winbindd[19454]:   Added domain spankDC spank.US S-1-5-21-3004940754-3890762002-1328762238
Jan  4 17:59:35 mynas winbindd[19454]: [2017/01/04 17:59:35.103379,  2] ../source3/lib/tallocmsg.c:56(register_msg_pool_usage)
Jan  4 17:59:35 mynas winbindd[19454]:   Registered MSG_REQ_POOL_USAGE
Jan  4 17:59:35 mynas winbindd[19454]: [2017/01/04 17:59:35.103397,  2] ../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs)
Jan  4 17:59:35 mynas winbindd[19454]:   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Jan  4 17:59:35 mynas winbindd[19454]: [2017/01/04 17:59:35.103677,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Jan  4 17:59:35 mynas winbindd[19454]:   STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Jan  4 17:59:35 mynas ActiveDirectory: /usr/sbin/service ix-activedirectory quietstart
Jan  4 17:59:35 mynas ActiveDirectory: activedirectory_start: trying to join domain
Jan  4 17:59:35 mynas ActiveDirectory: AD_join_domain: net -k ads join spank.US -S DC.spank.US -p 389
Jan  4 17:59:36 mynas ActiveDirectory: AD_join_domain: Failed
Jan  4 17:59:36 mynas ActiveDirectory: /usr/local/bin/python /usr/local/bin/midclt call notifier.stop cifs
Jan  4 17:59:37 mynas notifier: Stopping winbindd.
Jan  4 17:59:37 mynas winbindd[19454]: [2017/01/04 17:59:37.097962,  0] ../source3/winbindd/winbindd.c:280(winbindd_sig_term_handler)
Jan  4 17:59:37 mynas winbindd[19454]:   Got sig[15] terminate (is_parent=1)
Jan  4 17:59:37 mynas notifier: Waiting for PIDS: 19454.
Jan  4 17:59:37 mynas notifier: Stopping smbd.
Jan  4 17:59:38 mynas notifier: Waiting for PIDS: 19448, 19448.
Jan  4 17:59:38 mynas notifier: Stopping nmbd.
Jan  4 17:59:38 mynas nmbd[19444]: [2017/01/04 17:59:38.111501,  0] ../source3/nmbd/nmbd.c:58(terminate)
Jan  4 17:59:38 mynas nmbd[19444]:   Got SIGTERM: going down...
Jan  4 17:59:38 mynas notifier: Waiting for PIDS: 19444.
Jan  4 17:59:38 mynas ActiveDirectory: /usr/sbin/service ix-kerberos quietstop
Jan  4 17:59:38 mynas ActiveDirectory: /usr/sbin/service ix-nsswitch quietstop
Jan  4 17:59:38 mynas ActiveDirectory: /usr/sbin/service ix-pam quietstop
Jan  4 17:59:38 mynas ActiveDirectory: /usr/sbin/service ix-activedirectory forcestop
Jan  4 17:59:39 mynas ActiveDirectory: activedirectory_stop: leaving domain
Jan  4 17:59:39 mynas adtool: [common.pipesubr:66] Popen()ing: klist
Jan  4 17:59:39 mynas ActiveDirectory: /usr/sbin/service ix-cache quietstop &
Jan  4 17:59:40 mynas ActiveDirectory: /usr/sbin/service samba_server forcestop
Jan  4 17:59:40 mynas ActiveDirectory: /usr/local/bin/python /usr/local/bin/midclt call notifier.start cifs
Jan  4 17:59:41 mynas notifier: Performing sanity check on Samba configuration: OK
Jan  4 17:59:41 mynas notifier: Starting nmbd.
Jan  4 17:59:41 mynas nmbd[20864]: [2017/01/04 17:59:41.455570,  2] ../source3/lib/tallocmsg.c:56(register_msg_pool_usage)
Jan  4 17:59:41 mynas nmbd[20864]:   Registered MSG_REQ_POOL_USAGE
Jan  4 17:59:41 mynas nmbd[20864]: [2017/01/04 17:59:41.455644,  2] ../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs)
Jan  4 17:59:41 mynas nmbd[20864]:   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.457600,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:41 mynas nmbd[20865]:   added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.457631,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:41 mynas nmbd[20865]:   added interface igb0 ip=24.0.0.10 bcast=24.0.255.255 netmask=255.255.0.0
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.457665,  2] ../source3/nmbd/nmbd_subnetdb.c:180(make_subnet)
Jan  4 17:59:41 mynas nmbd[20865]:   making subnet name:24.0.0.10 Broadcast address:24.0.255.255 Subnet mask:255.255.0.0
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.457677,  2] ../source3/nmbd/nmbd_subnetdb.c:311(create_subnets)
Jan  4 17:59:41 mynas nmbd[20865]:   create_subnets: Ignoring loopback interface.
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.457686,  2] ../source3/nmbd/nmbd_subnetdb.c:180(make_subnet)
Jan  4 17:59:41 mynas nmbd[20865]:   making subnet name:UNICAST_SUBNET Broadcast address:24.0.0.10 Subnet mask:24.0.0.10
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.457695,  2] ../source3/nmbd/nmbd_subnetdb.c:180(make_subnet)
Jan  4 17:59:41 mynas nmbd[20865]:   making subnet name:REMOTE_BROADCAST_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.457705,  2] ../source3/nmbd/nmbd_subnetdb.c:180(make_subnet)
Jan  4 17:59:41 mynas nmbd[20865]:   making subnet name:WINS_SERVER_SUBNET Broadcast address:0.0.0.0 Subnet mask:0.0.0.0
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.457726,  2] ../source3/nmbd/nmbd_lmhosts.c:43(load_lmhosts_file)
Jan  4 17:59:41 mynas nmbd[20865]:   load_lmhosts_file: Can't open lmhosts file /usr/local/etc/lmhosts. Error was No such file or directory
Jan  4 17:59:41 mynas notifier: Starting smbd.
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.458245,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Jan  4 17:59:41 mynas nmbd[20865]:   STATUS=daemon 'nmbd' finished starting up and ready to serve connections
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.458580,  0] ../source3/nmbd/nmbd_become_dmb.c:339(become_domain_master_browser_wins)
Jan  4 17:59:41 mynas nmbd[20865]:   become_domain_master_browser_wins:
Jan  4 17:59:41 mynas nmbd[20865]:   Attempting to become domain master browser on workgroup spankDC, subnet UNICAST_SUBNET.
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.458600,  0] ../source3/nmbd/nmbd_become_dmb.c:353(become_domain_master_browser_wins)
Jan  4 17:59:41 mynas nmbd[20865]:   become_domain_master_browser_wins: querying WINS server from IP 24.0.0.10 for domain master browser name spankDC<1b> on workgroup spankDC
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.458691,  2] ../source3/nmbd/nmbd_become_dmb.c:181(become_domain_master_stage1)
Jan  4 17:59:41 mynas nmbd[20865]:   become_domain_master_stage1: Becoming domain master browser for workgroup spankDC on subnet UNICAST_SUBNET
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.458832,  0] ../source3/nmbd/nmbd_become_dmb.c:112(become_domain_master_stage2)
Jan  4 17:59:41 mynas nmbd[20865]:   *****
Jan  4 17:59:41 mynas nmbd[20865]:
Jan  4 17:59:41 mynas nmbd[20865]:   Samba server mynas is now a domain master browser for workgroup spankDC on subnet UNICAST_SUBNET
Jan  4 17:59:41 mynas nmbd[20865]:
Jan  4 17:59:41 mynas nmbd[20865]:   *****
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.458882,  0] ../source3/nmbd/nmbd_become_dmb.c:294(become_domain_master_browser_bcast)
Jan  4 17:59:41 mynas nmbd[20865]:   become_domain_master_browser_bcast:
Jan  4 17:59:41 mynas nmbd[20865]:   Attempting to become domain master browser on workgroup spankDC on subnet 24.0.0.10
Jan  4 17:59:41 mynas nmbd[20865]: [2017/01/04 17:59:41.458898,  0] ../source3/nmbd/nmbd_become_dmb.c:307(become_domain_master_browser_bcast)
Jan  4 17:59:41 mynas nmbd[20865]:   become_domain_master_browser_bcast: querying subnet 24.0.0.10 for domain master browser on workgroup spankDC
Jan  4 17:59:41 mynas smbd[20868]: [2017/01/04 17:59:41.496213,  2] ../source3/param/loadparm.c:2689(lp_do_section)
Jan  4 17:59:41 mynas smbd[20868]:   Processing section "[spank]"
Jan  4 17:59:41 mynas smbd[20868]: [2017/01/04 17:59:41.496518,  2] ../source3/param/loadparm.c:2689(lp_do_section)
Jan  4 17:59:41 mynas smbd[20868]:   Processing section "[Media]"
Jan  4 17:59:41 mynas smbd[20868]: [2017/01/04 17:59:41.496740,  2] ../source3/param/loadparm.c:2689(lp_do_section)
Jan  4 17:59:41 mynas smbd[20868]:   Processing section "[Music]"
Jan  4 17:59:41 mynas smbd[20868]: [2017/01/04 17:59:41.496963,  2] ../source3/param/loadparm.c:2689(lp_do_section)
Jan  4 17:59:41 mynas smbd[20868]:   Processing section "[Personal]"
Jan  4 17:59:41 mynas smbd[20868]: [2017/01/04 17:59:41.497298,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:41 mynas smbd[20868]:   added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
Jan  4 17:59:41 mynas smbd[20868]: [2017/01/04 17:59:41.497320,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:41 mynas smbd[20868]:   added interface igb0 ip=24.0.0.10 bcast=24.0.255.255 netmask=255.255.0.0
Jan  4 17:59:41 mynas smbd[20868]: [2017/01/04 17:59:41.497382,  1] ../source3/profile/profile_dummy.c:30(set_profile_level)
Jan  4 17:59:41 mynas smbd[20868]:   INFO: Profiling support unavailable in this build.
Jan  4 17:59:41 mynas smbd[20869]: [2017/01/04 17:59:41.498418,  2] ../source3/passdb/pdb_interface.c:160(make_pdb_method_name)
Jan  4 17:59:41 mynas smbd[20869]:   No builtin backend found, trying to load plugin
Jan  4 17:59:41 mynas smbd[20869]: [2017/01/04 17:59:41.498702,  2] ../lib/util/modules.c:196(do_smb_load_module)
Jan  4 17:59:41 mynas smbd[20869]:   Module 'tdbsam' loaded
Jan  4 17:59:41 mynas notifier: Starting winbindd.
Jan  4 17:59:41 mynas smbd[20869]: [2017/01/04 17:59:41.501781,  1] ../source3/smbd/files.c:218(file_init_global)
Jan  4 17:59:41 mynas smbd[20869]:   file_init_global: Information only: requested 941663 open files, 59392 are available.
Jan  4 17:59:41 mynas smbd[20869]: [2017/01/04 17:59:41.503556,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Jan  4 17:59:41 mynas smbd[20869]:   STATUS=daemon 'smbd' finished starting up and ready to serve connections
Jan  4 17:59:41 mynas smbd[20869]: [2017/01/04 17:59:41.503706,  2] ../source3/smbd/server.c:1125(smbd_parent_loop)
Jan  4 17:59:41 mynas smbd[20869]:   waiting for connections
Jan  4 17:59:41 mynas winbindd[20872]: [2017/01/04 17:59:41.533418,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:41 mynas winbindd[20872]:   added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
Jan  4 17:59:41 mynas winbindd[20872]: [2017/01/04 17:59:41.533542,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:41 mynas winbindd[20872]:   added interface igb0 ip=24.0.0.10 bcast=24.0.255.255 netmask=255.255.0.0
Jan  4 17:59:41 mynas winbindd[20872]: [2017/01/04 17:59:41.533597,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:41 mynas winbindd[20872]:   added interface lo0 ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
Jan  4 17:59:41 mynas winbindd[20872]: [2017/01/04 17:59:41.533612,  2] ../source3/lib/interface.c:345(add_interface)
Jan  4 17:59:41 mynas winbindd[20872]:   added interface igb0 ip=24.0.0.10 bcast=24.0.255.255 netmask=255.255.0.0
Jan  4 17:59:41 mynas winbindd[20875]: [2017/01/04 17:59:41.534996,  0] ../source3/winbindd/winbindd_cache.c:3245(initialize_winbindd_cache)
Jan  4 17:59:41 mynas winbindd[20875]:   initialize_winbindd_cache: clearing cache and re-creating with version number 2
Jan  4 17:59:41 mynas winbindd[20875]: [2017/01/04 17:59:41.535544,  2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
Jan  4 17:59:41 mynas winbindd[20875]:   Added domain BUILTIN (null) S-1-5-32
Jan  4 17:59:41 mynas winbindd[20875]: [2017/01/04 17:59:41.535596,  2] ../source3/winbindd/winbindd_util.c:288(add_trusted_domain_from_tdc)
Jan  4 17:59:41 mynas winbindd[20875]:   Added domain mynas (null) S-1-5-21-3441049416-3890697936-3376474394
Jan  4 17:59:41 mynas winbindd[20875]: [2017/01/04 17:59:41.535642,  2] ../source3/lib/tallocmsg.c:56(register_msg_pool_usage)
Jan  4 17:59:41 mynas winbindd[20875]:   Registered MSG_REQ_POOL_USAGE
Jan  4 17:59:41 mynas winbindd[20875]: [2017/01/04 17:59:41.535651,  2] ../source3/lib/dmallocmsg.c:78(register_dmalloc_msgs)
Jan  4 17:59:41 mynas winbindd[20875]:   Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Jan  4 17:59:41 mynas winbindd[20875]: [2017/01/04 17:59:41.535885,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Jan  4 17:59:41 mynas winbindd[20875]:   STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Jan  4 17:59:41 mynas winbindd[20876]: [2017/01/04 17:59:41.537188,  2] ../source3/passdb/pdb_interface.c:160(make_pdb_method_name)
Jan  4 17:59:41 mynas winbindd[20876]:   No builtin backend found, trying to load plugin
Jan  4 17:59:41 mynas winbindd[20876]: [2017/01/04 17:59:41.537662,  2] ../lib/util/modules.c:196(do_smb_load_module)
Jan  4 17:59:41 mynas winbindd[20876]:   Module 'tdbsam' loaded
Jan  4 17:59:41 mynas ActiveDirectory: /usr/sbin/service ix-kinit forcestop
Jan  4 17:59:42 mynas ActiveDirectory: /usr/sbin/service ix-hostname quietstart

Your help is greatly appreciated! :)

dlavigne · Jan 5, 2017

The version of Samba did change in the latest update which may be a factor.

Please create a bug report at bugs.freenas.org that includes a debug (System -> Advanced -> Save Debug) and post the issue number here. Note to other followers of this thread, that bug won't be visible while the debug is attached but once the dev isolates the issue and the debug is removed, the bug will become visible.

IonutZ · Jan 5, 2017

dlavigne said:
The version of Samba did change in the latest update which may be a factor.

Please create a bug report at bugs.freenas.org that includes a debug (System -> Advanced -> Save Debug) and post the issue number here. Note to other followers of this thread, that bug won't be visible while the debug is attached but once the dev isolates the issue and the debug is removed, the bug will become visible.

Opened the following bug. https://bugs.freenas.org/issues/20045

bigphil · Jan 5, 2017

Could you post a little more information about your config...SMB service settings and Active Directory settings from FreeNAS. Time between the DC and FreeNAS is in sync? If you're using Windows for AD, what version of Windows, domain function level, forest function level?

IonutZ · Jan 5, 2017

bigphil said:
Could you post a little more information about your config...SMB service settings and Active Directory settings from FreeNAS. Time between the DC and FreeNAS is in sync? If you're using Windows for AD, what version of Windows, domain function level, forest function level?

Time is in sync - always the first thing I check.
Using Windows Server 2016 with a domain / forest level of Windows Server 2016.
Only 1 DC in the domain/forest. DC is also DHCP / DNS.

Here is my smb4.conf (redacted)

Code:

[global]
	server max protocol = SMB3_00
	interfaces = 127.0.0.1 xx.xx.xx.xx
	bind interfaces only = yes
	encrypt passwords = yes
	dns proxy = no
	strict locking = no
	oplocks = yes
	deadtime = 15
	max log size = 51200
	max open files = 941663
	logging = syslog:2
	load printers = no
	printing = bsd
	printcap name = /dev/null
	disable spoolss = yes
	getwd cache = yes
	guest account = nobody
	map to guest = Bad User
	obey pam restrictions = no
	directory name cache size = 0
	kernel change notify = no
	panic action = /usr/local/libexec/samba/samba-backtrace
	nsupdate command = /usr/local/bin/samba-nsupdate -g
	server string = NAME OF NAS
	ea support = yes
	store dos attributes = yes
	lm announce = yes
	hostname lookups = yes
	unix extensions = no
	acl allow execute always = true
	dos filemode = yes
	multicast dns register = yes
	domain logons = no
	local master = no
	idmap config *: backend = tdb
	idmap config *: range = 90000001-100000000
	server role = standalone
	netbios name = NASA
	workgroup = ATEXDC
	security = user
	pid directory = /var/run/samba
	create mask = 0666
	directory mask = 0777
	client ntlmv2 auth = yes
	dos charset = CP850
	unix charset = UTF-8
	log level = 2
	socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=98304 SO_SNDBUF=98304

IonutZ · Jan 5, 2017

IonutZ said:

Time is in sync - always the first thing I check.
Using Windows Server 2016 with a domain / forest level of Windows Server 2016.
Only 1 DC in the domain/forest. DC is also DHCP / DNS / RRAS (router).

Extranet > Firewall > RRAS > Intranet > NAS

Here is my smb4.conf (redacted)

Code:

[global]
	server max protocol = SMB3_00
	interfaces = 127.0.0.1 xx.xx.xx.xx
	bind interfaces only = yes
	encrypt passwords = yes
	dns proxy = no
	strict locking = no
	oplocks = yes
	deadtime = 15
	max log size = 51200
	max open files = 941663
	logging = syslog:2
	load printers = no
	printing = bsd
	printcap name = /dev/null
	disable spoolss = yes
	getwd cache = yes
	guest account = nobody
	map to guest = Bad User
	obey pam restrictions = no
	directory name cache size = 0
	kernel change notify = no
	panic action = /usr/local/libexec/samba/samba-backtrace
	nsupdate command = /usr/local/bin/samba-nsupdate -g
	server string = NAME OF NAS
	ea support = yes
	store dos attributes = yes
	lm announce = yes
	hostname lookups = yes
	unix extensions = no
	acl allow execute always = true
	dos filemode = yes
	multicast dns register = yes
	domain logons = no
	local master = no
	idmap config *: backend = tdb
	idmap config *: range = 90000001-100000000
	server role = standalone
	netbios name = NASA
	workgroup = ATEXDC
	security = user
	pid directory = /var/run/samba
	create mask = 0666
	directory mask = 0777
	client ntlmv2 auth = yes
	dos charset = CP850
	unix charset = UTF-8
	log level = 2
	socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE SO_RCVBUF=98304 SO_SNDBUF=98304

bigphil · Jan 5, 2017

Change idmap backend to "rid". This is under the advanced settings on the Active Directory configuration in FreeNAS.

IonutZ · Jan 5, 2017

That is super weird, it is "rid" in the GUI. I knew for a fact that I was on "rid".... I'm going to see if I can find a workaround.

IonutZ · Jan 5, 2017

Changing to rid didn't do anything... also smb4.conf stays on tdb when you change UI to rid - probably by design?

bigphil · Jan 5, 2017

Something isn't right then. I compared your smb4.conf file with mine and yours seems to be missing a lot of info. I suggest you disable AD integration, stop SMB, backup and then delete your smb4.conf file in /usr/local/etc and then reboot FreeNAS and start from scratch on the config.

IonutZ · Jan 5, 2017

bigphil said:
Something isn't right then. I compared your smb4.conf file with mine and yours seems to be missing a lot of info. I suggest you disable AD integration, stop SMB, backup and then delete your smb4.conf file in /usr/local/etc and then reboot FreeNAS and start from scratch on the config.

Do you mind redacting yours of sensitive info and posting it on here or PMing it to me? I'd appreciate it!

bigphil · Jan 5, 2017

No problem...here is my live config. This is currently working on my Windows 2012 domain. Nothing is changed. My domain info: fqdn=domain.local, netbios=domain

Code:

[global]
	server max protocol = SMB3
	interfaces = 127.0.0.1 192.168.0.211
	bind interfaces only = yes
	encrypt passwords = yes
	dns proxy = no
	strict locking = no
	oplocks = yes
	deadtime = 15
	max log size = 51200
	max open files = 706682
	logging = file
	load printers = no
	printing = bsd
	printcap name = /dev/null
	disable spoolss = yes
	getwd cache = yes
	guest account = nobody
	map to guest = Bad User
	obey pam restrictions = yes
	directory name cache size = 0
	kernel change notify = no
	panic action = /usr/local/libexec/samba/samba-backtrace
	nsupdate command = /usr/local/bin/samba-nsupdate -g
	server string = FreeNAS Server
	ea support = yes
	store dos attributes = yes
	lm announce = yes
	hostname lookups = yes
	acl allow execute always = true
	dos filemode = yes
	multicast dns register = yes
	domain logons = no
	idmap config *: backend = tdb
	idmap config *: range = 90000001-100000000
	server role = member server
	workgroup = DOMAIN
	realm = DOMAIN.LOCAL
	security = ADS
	client use spnego = yes
	cache directory = /var/tmp/.cache/.samba
	local master = no
	domain master = no
	preferred master = no
	ads dns update = yes
	winbind cache time = 7200
	winbind offline logon = yes
	winbind enum users = yes
	winbind enum groups = yes
	winbind nested groups = yes
	winbind use default domain = no
	winbind refresh tickets = yes
	idmap config DOMAIN: backend = rid
	idmap config DOMAIN: range = 20000-90000000
	allow trusted domains = no
	client ldap sasl wrapping = plain
	template shell = /bin/sh
	template homedir = /home/%D/%U
	netbios name = NAS1
	pid directory = /var/run/samba
	create mask = 0666
	directory mask = 0777
	client ntlmv2 auth = yes
	dos charset = CP437
	unix charset = UTF-8
	log level = 1

IonutZ · Jan 6, 2017

So I diffed our 2 configs and they are the same except for yours has security = ADS and mine has security = user. With security = ADS you get a bunch of other config properties - and I'm not exactly sure how you turn on ADS from the UI (or that I need it for that matter). Not sure where all the winbind stuff is configured either.

I can do `net ads info -U adminuser` fine, and it outputs properly. Problem is with `net ads join` unfortunately.

bigphil · Jan 6, 2017

IonutZ said:
So I diffed our 2 configs and they are the same except for yours has security = ADS and mine has security = user.

??? Just from eyeballing it from your posted smb4.conf above, there are many things that are different, not just that one line. Did you try what I suggested?

IonutZ · Jan 6, 2017

bigphil said:
??? Just from eyeballing it from your posted smb4.conf above, there are many things that are different, not just that one line. Did you try what I suggested?

Security is the only main thing that is different. Also I don't know how you got

Code:

	idmap config DOMAIN: backend = rid
	idmap config DOMAIN: range = 20000-90000000

to show up... or why you have it. idmap config * is tdb for you as well (even though you have rid selected). I can add it manually - replaced DOMAIN for the netbios name of my domain. Still nothing. Fails with the same error - doesn't give any explicit failure.

bigphil · Jan 6, 2017

The idmap is probably in the smb4.conf file by default. If you configure it for a domain, it uses the correct setting specific to your domain...like mine is set. I don't know what else to tell you if you haven't tried my suggestion from post #10. If you have keytabs setup, you might try removing those too.

IonutZ · Jan 6, 2017

When you say "If you configure it for a domain" what does that mean? The only place where I can configure smb4.conf through the UI (as far as I know) is either on the Directory tab or on the Samba service configuration. I tried removing smb4.conf entirely and restarting. It recreates with the exact same config options. I tried changing to rid, but I never have a idmap config DOMAIN, only an idmap config * - no matter what I do.

Whenever I attempt to Enable AD, it recreates the smb4.conf ...

I would reinstall but this is in production. For now I have regular samba access through FreeNAS' user authentication (in order to mitigate user access).

I'm on latest stable 9.10.2.

bigphil · Jan 6, 2017

IonutZ said:
When you say "If you configure it for a domain" what does that mean?

Meaning that if you didn't configure FreeNAS to be a domain member, the parameters would still be there, but because we are configuring it for a domain it should use the specific setting that matches the domain name and not the default *. Let me do a little more testing and get back to you.

IonutZ · Jan 6, 2017

bigphil said:
Meaning that if you didn't configure FreeNAS to be a domain member, the parameters would still be there, but because we are configuring it for a domain it should use the specific setting that matches the domain name and not the default *. Let me do a little more testing and get back to you.

Question, how does one configure it to be a domain member? I'm pretty sure I've done that, but I would appreciate your advice on that.

Sent from my iPhone using Tapatalk

bigphil · Jan 6, 2017

I just compared a 9.10.1-U4 and a fresh install of 9.10.2 and they both work the same way and the config is the same. It seems to me that your smb4.conf is screwed up and maybe /etc/directoryservice/ActiveDirectory/config. You just need to clear the config and start over...no need to reinstall. In "Services" you don't have "Domain Controller" turned on do you? That would break it too.

Important Announcement for the TrueNAS Community.

SOLVED Can't Join AD (all of a sudden)

Contributor

dlavigne

Guest

Contributor

Patron

Contributor

Contributor

Patron

Contributor

Contributor

Patron

Contributor

Patron

Contributor

Patron

Contributor

Patron

Contributor

Patron

Contributor

Patron

Similar threads