FreeNAS-9.10.1-U2 (f045a8b) FreeNAS windows 2008 r2 joining x64 domain controller, kerberos error

Vishimtar · Nov 2, 2016

Hello,

I'm using FreeNAS-9.10.1-U2 (f045a8b) version domain controller windows 2008 r2 x64 I am using cifs sharing service which was successful in the first time I set up freenas domain join process. World clock change result
I'm starting to get the freenas kerberos fault. The FreeNAS domain controller appears to be a join, but the domain controller can not access the denied user and group list. That's why the cifs service is not working.
Domain controller i get kerberos error what do i need to do to solve this?

FreeNAS records look normal on windows domain controller.

Code:

[root@freenas] /# klist
Credentials cache: FILE:/tmp/krb5cc_0
		Principal: administrator@DomainName.com
  Issued				Expires			   Principal
Nov  2 16:29:46 2016  Nov  3 02:29:46 2016  krbtgt/DomainName.com@DomainName.com
Nov  2 16:33:51 2016  Nov  3 02:29:46 2016  ldap/DCComputerName.DomainName.com@DomainName.com

This question also makes the Domain Controller time setting different. The domain controller time is the same as the FreeNAS time.

Code:

[root@freenas] ~# net ads info
LDAP server: 000.000.000.000
LDAP server name: DCComputerName.DomainName.com
Realm: DomainName.com
Bind Path: dc=DomainName,dc=COM
LDAP port: 389
Server time: Wed, 02 Nov 2016 17:36:04 MSK
KDC server: 000.000.000.000
Server time offset: 3587

Code:

[root@freenas] ~# net time
Wed Nov  2 16:36:28 2016

Code:

[root@freenas] /# wbinfo -m
BUILTIN
FreeNAS
DomainName

Code:

[root@freenas] /# wbinfo -t
checking the trust secret for domain DomainName via RPC calls succeeded

Code:

[root@freenas] /# wbinfo -u
null

[root@freenas] /# wbinfo -g
null

Code:

[root@freenas] /# net ads user
listed all domain user

Error records

Code:

Nov  1 14:30:27 freenas smbd[14454]: [2016/11/01 14:30:27.028591,  0] ../source3/lib/util_sock.c:876(matchname)
Nov  1 14:30:27 freenas smbd[14454]:   matchname: host name/name mismatch: 000.000.000.000 != (NULL)
Nov  1 14:30:27 freenas smbd[14454]: [2016/11/01 14:30:27.028626,  0] ../source3/lib/util_sock.c:1055(get_remote_hostname)
Nov  1 14:30:27 freenas smbd[14454]:   matchname failed on 000.000.000.000
Nov  1 14:30:27 freenas smbd[14454]: [2016/11/01 14:30:27.373023,  1] ../source3/librpc/crypto/gse.c:497(gse_get_server_auth_token)
Nov  1 14:30:27 freenas smbd[14454]:   gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/freenas@DomainName.COM(kvno 11) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
Nov  1 14:30:27 freenas smbd[14454]: [2016/11/01 14:30:27.373061,  1] ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit)
Nov  1 14:30:27 freenas smbd[14454]:   SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE

Nov  1 14:02:39 freenas winbindd[8915]: [2016/11/01 14:02:39.433688,  0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)
Nov  1 14:02:39 freenas winbindd[8915]:   gss_init_sec_context failed with [ Miscellaneous failure (see text): Clock skew too great]
Nov  1 14:02:39 freenas winbindd[8915]: [2016/11/01 14:02:39.433721,  1] ../auth/gensec/spnego.c:619(gensec_spnego_create_negTokenInit)
Nov  1 14:02:39 freenas winbindd[8915]:   SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INTERNAL_ERROR
Nov  1 14:02:39 freenas winbindd[8915]: [2016/11/01 14:02:39.433747,  0] ../source3/libads/sasl.c:773(ads_sasl_spnego_bind)
Nov  1 14:02:39 freenas winbindd[8915]:   kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred.
Nov  1 14:02:39 freenas winbindd[8915]: [2016/11/01 14:02:39.464439,  1] ../source3/winbindd/winbindd_ads.c:136(ads_cached_connection_connect)
Nov  1 14:02:39 freenas winbindd[8915]:   ads_connect for domain DomainName failed: An internal error occurred.
Nov  1 14:02:39 freenas winbindd[8915]: [2016/11/01 14:02:39.471671,  0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)
Nov  1 14:02:39 freenas winbindd[8915]:   no edata in krb5_error
Nov  1 14:02:39 freenas winbindd[8915]: [2016/11/01 14:02:39.589523,  1] ../source3/libads/authdata.c:175(kerberos_return_pac)
Nov  1 14:02:39 freenas winbindd[8915]:   kinit failed for 'root@DomainName.COM' with: Client not found in Kerberos database (-1765328378)
Nov  1 14:02:49 freenas winbindd[8915]:   ads_connect for domain DomainName failed: An internal error occurred.
Nov  1 14:06:20 freenas winbindd[7562]: [2016/11/01 14:06:20.856048,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
Nov  1 14:06:20 freenas winbindd[7562]:   Got sig[15] terminate (is_parent=1)
Nov  1 14:06:20 freenas winbindd[8915]: [2016/11/01 14:06:20.858104,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
Nov  1 14:06:20 freenas winbindd[8915]:   Got sig[15] terminate (is_parent=0)
Nov  1 14:06:21 freenas nmbd[7553]: [2016/11/01 14:06:21.902244,  0] ../source3/nmbd/nmbd.c:58(terminate)
Nov  1 14:06:21 freenas nmbd[7553]:   Got SIGTERM: going down...
Nov  1 14:06:22 freenas nmbd[9217]: [2016/11/01 14:06:22.993255,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Nov  1 14:06:22 freenas nmbd[9217]:   STATUS=daemon 'nmbd' finished starting up and ready to serve connections
Nov  1 14:06:23 freenas smbd[9220]: [2016/11/01 14:06:23.037418,  1] ../source3/profile/profile_dummy.c:30(set_profile_level)
Nov  1 14:06:23 freenas smbd[9220]:   INFO: Profiling support unavailable in this build.
Nov  1 14:06:23 freenas smbd[9221]: [2016/11/01 14:06:23.041848,  1] ../source3/smbd/files.c:218(file_init_global)
Nov  1 14:06:23 freenas smbd[9221]:   file_init_global: Information only: requested 940475 open files, 59392 are available.
Nov  1 14:06:23 freenas smbd[9221]: [2016/11/01 14:06:23.043963,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Nov  1 14:06:23 freenas smbd[9221]:   STATUS=daemon 'smbd' finished starting up and ready to serve connections
Nov  1 14:06:23 freenas winbindd[9226]: [2016/11/01 14:06:23.082581,  1] ../source3/lib/tdb_validate.c:480(tdb_validate_and_backup)
Nov  1 14:06:23 freenas winbindd[9226]:   tdb '/var/db/samba4/winbindd_cache.tdb' is valid
Nov  1 14:06:23 freenas winbindd[9226]: [2016/11/01 14:06:23.111874,  1] ../source3/lib/tdb_validate.c:490(tdb_validate_and_backup)
Nov  1 14:06:23 freenas winbindd[9226]:   Created backup '/var/db/samba4/winbindd_cache.tdb.bak' of tdb '/var/db/samba4/winbindd_cache.tdb'
Nov  1 14:06:23 freenas winbindd[9226]: [2016/11/01 14:06:23.112528,  0] ../lib/util/become_daemon.c:124(daemon_ready)
Nov  1 14:06:23 freenas winbindd[9226]:   STATUS=daemon 'winbindd' finished starting up and ready to serve connections
Nov  1 14:06:28 freenas winbindd[9226]: [2016/11/01 14:06:28.337180,  0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token)
Nov  1 14:06:28 freenas winbindd[9226]:   gss_init_sec_context failed with [ Miscellaneous failure (see text): Clock skew too great]
Nov  1 14:06:28 freenas winbindd[9226]: [2016/11/01 14:06:28.337211,  1] ../auth/gensec/spnego.c:619(gensec_spnego_create_negTokenInit)
Nov  1 14:06:28 freenas winbindd[9226]:   SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INTERNAL_ERROR

Nov  1 14:22:06 freenas manage.py: [common.pipesubr:66] Popen()ing: zfs list -H -o mountpoint,name
Nov  1 14:22:07 freenas generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc'
Nov  1 14:22:08 freenas generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: klist
Nov  1 14:22:08 freenas generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: mount
Nov  1 14:22:08 freenas generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: mount
Nov  1 14:22:08 freenas generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: /usr/local/bin/net -d 0 getlocalsid
Nov  1 14:22:08 freenas notifier: Performing sanity check on Samba configuration: OK
Nov  1 14:22:08 freenas notifier: Reloading nmbd.
Nov  1 14:22:08 freenas nmbd[9217]: [2016/11/01 14:22:08.468493,  0] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups)
Nov  1 14:22:08 freenas nmbd[9217]:   dump_workgroups()
Nov  1 14:22:08 freenas nmbd[9217]:	dump workgroup on subnet   000.000.000.000: netmask=  000.000.000.000:
Nov  1 14:22:08 freenas nmbd[9217]:	   DomainName(1) current master browser = COMPUTERNAME
Nov  1 14:22:08 freenas nmbd[9217]:		   FREENAS 40809b03 (FreeNAS Server)
Nov  1 14:22:08 freenas nmbd[9217]:		   ARIF-PC 40071003 ()
Nov  1 14:22:08 freenas nmbd[9217]: [2016/11/01 14:22:08.468556,  0] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups)
Nov  1 14:22:08 freenas nmbd[9217]:   dump_workgroups()
Nov  1 14:22:08 freenas nmbd[9217]:	dump workgroup on subnet	  10.10.10.1: netmask=  000.000.000.000:
Nov  1 14:22:08 freenas nmbd[9217]:	   DomainName(1) current master browser = UNKNOWN
Nov  1 14:22:08 freenas nmbd[9217]:		   FREENAS 40809b03 (FreeNAS Server)
Nov  1 14:22:08 freenas notifier: Reloading smbd.
Nov  1 14:22:08 freenas notifier: Reloading winbindd.
Nov  1 14:22:08 freenas notifier: Stopping mdnsd.
Nov  1 14:22:08 freenas mDNSResponder: mDNSResponder (Engineering Build) (Oct  3 2016 06:58:50) stopping
Nov  1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 0000000801485580 01   32 _afpovertcp._tcp.local. PTR freenas._afpovertcp._tcp.local.
Nov  1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 0000000801481580 01   27 _adisk._tcp.local. PTR freenas._adisk._tcp.local.
Nov  1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 000000080147C580 01   33 _device-info._tcp.local. PTR freenas._device-info._tcp.local.
Nov  1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 0000000801489580 01   25 _ssh._tcp.local. PTR freenas._ssh._tcp.local.
Nov  1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 000000080148B580 01   30 _sftp-ssh._tcp.local. PTR freenas._sftp-ssh._tcp.local.
Nov  1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 000000080148D580 01   26 _http._tcp.local. PTR freenas._http._tcp.local.
Nov  1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 0000000801493580 01   25 _smb._tcp.local. PTR freenas._smb._tcp.local.
Nov  1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function
Nov  1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function
Nov  1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function
Nov  1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function
Nov  1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function
Nov  1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function
Nov  1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function
Nov  1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function
Nov  1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function
Nov  1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function
Nov  1 14:22:08 freenas smbd[9221]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function
Nov  1 14:22:08 freenas notifier: Waiting for PIDS: 3171.
Nov  1 14:22:08 freenas notifier: Starting mdnsd.
Nov  1 14:22:08 freenas mDNSResponder: mDNSResponder (Engineering Build) (Oct  3 2016 06:58:50) starting
Nov  1 14:22:08 freenas mDNSResponder:  12: Listening for incoming Unix Domain Socket client requests
Nov  1 14:22:08 freenas mDNSResponder: mDNS_AddDNSServer: Lock not held! mDNS_busy (0) mDNS_reentrancy (0)
Nov  1 14:22:08 freenas mDNSResponder: CheckNATMappings: Failed to allocate port 5350 UDP multicast socket for PCP & NAT-PMP announcements
Nov  1 14:22:10 freenas mDNSResponder: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 0000000801406D60 freenas.local. (Addr) that's already in the list
Nov  1 14:22:10 freenas mDNSResponder: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 0000000801407180 000.000.000.000.in-addr.arpa. (PTR) that's already in the list
Nov  1 14:22:10 freenas mDNSResponder: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 0000000801409D60 freenas.local. (Addr) that's already in the list
Nov  1 14:22:10 freenas mDNSResponder: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 000000080140A180 000.000.000.000.in-addr.arpa. (PTR) that's already in the list

dlavigne · Nov 7, 2016

Were you able to resolve this?

Vishimtar · Nov 8, 2016

dlavigne said:
Were you able to resolve this?

Yes, I solved the problem. I will do detailed explanations when available.

IonutZ · Jan 4, 2017

Vishimtar said:
Yes, I solved the problem. I will do detailed explanations when available.

Hey there, can you please detail the fix? I'm running into the same thing :(

Vishimtar · Jan 10, 2017

IonutZ said:
Hey there, can you please detail the fix? I'm running into the same thing :(

hi,
The windows domain controller clock and date must be the same as the FREENAS.

Important Announcement for the TrueNAS Community.

FreeNAS-9.10.1-U2 (f045a8b) FreeNAS windows 2008 r2 joining x64 domain controller, kerberos error

Vishimtar

Dabbler

Attachments

dlavigne

Guest

Vishimtar

Dabbler

IonutZ

Contributor

Vishimtar

Dabbler

Similar threads