freenas 8.3.0-release-x86 [ACTIVE DIRECTORY] problem joining domain

Status
Not open for further replies.

lorenzoASR (Dabbler; joined Nov 10, 2012; 39 messages)

Hi, I'm a new user of this forum.

I want to set up FreeNAS for my office to share data and backups, and I have a Domain Controller with Windows Server 2008 (x86).

windows server 2008 ip: 192.168.1.10
windows server 2008 host: ws2008
freenas ip: 192.168.1.112
freenas host: freenas
domain: ottaviano.local

I can ping from freenas to ws2008 and the opposite:
[root@freenas] /var/log# ping ws2008
PING ws2008.ottaviano.local (192.168.1.10): 56 data bytes
64 bytes from 192.168.1.10: icmp_seq=0 ttl=128 time=0.938 ms
64 bytes from 192.168.1.10: icmp_seq=1 ttl=128 time=0.874 ms

C:\Users\Administrator.WS2008>ping freenas

Pinging freenas.ottaviano.local [192.168.1.112] with 32 bytes of data:
Reply from 192.168.1.112: bytes=32 time=2ms TTL=64
Reply from 192.168.1.112: bytes=32 time<1ms TTL=64

And I see the domain from freenas:

[root@freenas] /var/log# ping ottaviano.local
PING ottaviano.local (192.168.1.10): 56 data bytes
64 bytes from 192.168.1.10: icmp_seq=0 ttl=128 time=3.728 ms
64 bytes from 192.168.1.10: icmp_seq=1 ttl=128 time=0.684 ms


I've read the documentation about FreeNAS and Active Directory on the page http://doc.freenas.org/index.php/Active_Directory and I've done all the configuration correctly (I guess). Let me post some screenshots of my FreeNAS configuration.

First, the Active Directory configuration (attachment 1446):
if you can't read it -> http://www.dossetti.it/config-AD.png

Second, the network configuration (attachment 1445):
if you can't read it -> http://www.dossetti.it/config-network.png

[root@freenas] /var/log# wbinfo -u
FREENAS\root
administrator
guest
krbtgt
lorenzo
segreteria1
[root@freenas] /var/log# wbinfo -g
domain computers
domain controllers
schema admins
enterprise admins
cert publishers
domain admins
domain users
domain guests
group policy creator owners
ras and ias servers
allowed rodc password replication group
denied rodc password replication group
read-only domain controllers
enterprise read-only domain controllers
dnsadmins
dnsupdateproxy
tdei
dossetti

[root@freenas] /var/log# wbinfo -t
checking the trust secret for domain OTTAVIANO via RPC calls succeeded

[root@freenas] /var/log# net ads join -S OTTAVIANO -U lorenzo
Enter lorenzo's password:
Failed to join domain: failed to lookup DC info for domain 'OTTAVIANO.LOCAL' over rpc: The network name cannot be found

This does not sound good! I also tried it this way; I don't know which is correct!

[root@freenas] /var/log# net ads join -S OTTAVIANO.LOCAL -U lorenzo
Enter lorenzo's password:
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database
Failed to join domain: failed to connect to AD: Server not found in Kerberos database

Also, going in the GUI to Storage -> Volumes -> /mnt/mystorage -> Change Permissions, I don't see my users or groups listed in the drop-down list!

This is my /var/log/messages after starting active directory service:

Nov 11 22:09:18 freenas ActiveDirectory: /usr/sbin/service ix-kerberos quietstart
Nov 11 22:09:19 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Nov 11 22:09:19 freenas ActiveDirectory: generate_krb5_conf: krbhost=ws2008.ottaviano.local:88, kpwdhost=ws2008.ottaviano.local:464, domainname=ottaviano.local
Nov 11 22:09:19 freenas ActiveDirectory: /usr/sbin/service ix-nsswitch quietstart
Nov 11 22:09:19 freenas ActiveDirectory: /usr/sbin/service ix-pam quietstart
Nov 11 22:09:19 freenas ActiveDirectory: /usr/sbin/service ix-kinit quietstart
Nov 11 22:09:20 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Nov 11 22:09:20 freenas ActiveDirectory: kerberos_start: kinit --password-file=/tmp/tmp.FRRVMsPh administrator@OTTAVIANO.LOCAL
Nov 11 22:09:20 freenas ActiveDirectory: kerberos_start: Successful
Nov 11 22:09:30 freenas ActiveDirectory: /usr/sbin/service ix-kinit status
Nov 11 22:09:30 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Nov 11 22:09:30 freenas ActiveDirectory: kerberos_status: klist -l | grep -q ^administrator@OTTAVIANO.LOCAL
Nov 11 22:09:30 freenas ActiveDirectory: kerberos_status: Successful
Nov 11 22:09:30 freenas ActiveDirectory: /usr/sbin/service ix-samba quietstart
Nov 11 22:09:31 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Nov 11 22:09:32 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Nov 11 22:09:32 freenas ActiveDirectory: generate_smb_config: checking testparm issues
Nov 11 22:09:32 freenas ActiveDirectory: generate_smb_config: testparm: Load smb config files from /usr/local/etc/smb.conf
Nov 11 22:09:32 freenas ActiveDirectory: generate_smb_config: testparm: max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
Nov 11 22:09:32 freenas ActiveDirectory: generate_smb_config: testparm: rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
Nov 11 22:09:32 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap uid" option is deprecated
Nov 11 22:09:32 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap gid" option is deprecated
Nov 11 22:09:32 freenas ActiveDirectory: generate_smb_config: testparm: Loaded services file OK.
Nov 11 22:09:32 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter.
Nov 11 22:09:32 freenas ActiveDirectory: generate_smb_config: testparm: (by default Samba will discover the correct DC to contact automatically).
Nov 11 22:09:32 freenas ActiveDirectory: generate_smb_config: testparm: Server role: ROLE_DOMAIN_MEMBER
Nov 11 22:09:32 freenas ActiveDirectory: generate_smb_config: testparm: Press enter to see a dump of your service definitions
Nov 11 22:09:32 freenas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
Nov 11 22:09:34 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Nov 11 22:09:35 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Nov 11 22:09:35 freenas ActiveDirectory: generate_smb_config: checking testparm issues
Nov 11 22:09:35 freenas ActiveDirectory: generate_smb_config: testparm: Load smb config files from /usr/local/etc/smb.conf
Nov 11 22:09:35 freenas ActiveDirectory: generate_smb_config: testparm: max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
Nov 11 22:09:35 freenas ActiveDirectory: generate_smb_config: testparm: rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
Nov 11 22:09:35 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap uid" option is deprecated
Nov 11 22:09:35 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap gid" option is deprecated
Nov 11 22:09:35 freenas ActiveDirectory: generate_smb_config: testparm: Loaded services file OK.
Nov 11 22:09:35 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter.
Nov 11 22:09:35 freenas ActiveDirectory: generate_smb_config: testparm: (by default Samba will discover the correct DC to contact automatically).
Nov 11 22:09:35 freenas ActiveDirectory: generate_smb_config: testparm: Server role: ROLE_DOMAIN_MEMBER
Nov 11 22:09:35 freenas ActiveDirectory: generate_smb_config: testparm: Press enter to see a dump of your service definitions
Nov 11 22:09:35 freenas notifier: dbus already running? (pid=6777).
Nov 11 22:09:35 freenas notifier: Starting avahi-daemon.
Nov 11 22:09:35 freenas notifier: Daemon already running on PID 6802
Nov 11 22:09:35 freenas notifier: Removing stale Samba tdb files: ...... done
Nov 11 22:09:35 freenas notifier: Starting nmbd.
Nov 11 22:09:35 freenas notifier: Starting smbd.
Nov 11 22:09:35 freenas notifier: Starting winbindd.
Nov 11 22:09:35 freenas notifier: True
Nov 11 22:09:35 freenas ActiveDirectory: /usr/sbin/service ix-activedirectory quietstart
Nov 11 22:09:36 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Nov 11 22:09:36 freenas ActiveDirectory: activedirectory_start: trying to join domain
Nov 11 22:09:36 freenas ActiveDirectory: AD_join_domain: net ads join -U administrator
Nov 11 22:09:38 freenas notifier: kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
Nov 11 22:09:38 freenas notifier: Failed to join domain: failed to connect to AD: Invalid credentials
Nov 11 22:09:38 freenas ActiveDirectory: AD_join_domain: Failed
[root@freenas] /var/log#



I hope someone can help me, thanks in advance

PS: if you need additional info, just ask :)
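
An added example, not part of the original post: a small Python triage script that condenses the ActiveDirectory start-up log above into per-stage results, so it is visible at a glance that the Kerberos ticket request (kinit) succeeded while the later SASL bind during "net ads join" failed. The sample lines are taken from the log excerpt in the post; the function name summarize and the regular expressions are assumptions made for this example.

```python
import re

# Sample input: lines copied from the /var/log/messages excerpt in the post.
SAMPLE_LOG = """\
Nov 11 22:09:20 freenas ActiveDirectory: kerberos_start: kinit --password-file=/tmp/tmp.FRRVMsPh administrator@OTTAVIANO.LOCAL
Nov 11 22:09:20 freenas ActiveDirectory: kerberos_start: Successful
Nov 11 22:09:32 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap uid" option is deprecated
Nov 11 22:09:32 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter.
Nov 11 22:09:35 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap uid" option is deprecated
Nov 11 22:09:36 freenas ActiveDirectory: AD_join_domain: net ads join -U administrator
Nov 11 22:09:38 freenas notifier: kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
Nov 11 22:09:38 freenas notifier: Failed to join domain: failed to connect to AD: Invalid credentials
Nov 11 22:09:38 freenas ActiveDirectory: AD_join_domain: Failed
"""

# "Mon DD HH:MM:SS host tag: message" as it appears in the excerpt.
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ (\w+): (.*)$")
STAGE = re.compile(r"^(\w+): (Successful|Failed)$")             # stage verdict lines
BIND = re.compile(r"^kinit succeeded but (\w+) failed: (.+)$")  # failing bind step and reason
WARN = re.compile(r"testparm: WARNING: (.+)$")                  # smb.conf warnings
JOIN = re.compile(r"^AD_join_domain: (net ads join .+)$")       # join command that was run


def summarize(log_text):
    """Return stage verdicts, the join command, the bind failure and unique warnings."""
    summary = {"stages": {}, "join_cmd": None, "bind_failure": None, "warnings": []}
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # shell prompts, blank lines, anything that is not syslog
        msg = line.group(2)
        if (m := STAGE.match(msg)):
            summary["stages"][m.group(1)] = m.group(2)
        elif (m := BIND.match(msg)):
            summary["bind_failure"] = (m.group(1), m.group(2))
        elif (m := JOIN.match(msg)):
            summary["join_cmd"] = m.group(1)
        elif (m := WARN.search(msg)):
            if m.group(1) not in summary["warnings"]:  # the excerpt repeats testparm output
                summary["warnings"].append(m.group(1))
    return summary


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, "=", value)
```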
 