Vishimtar
Dabbler
- Joined
- Nov 17, 2014
- Messages
- 30
Hello,
I'm using FreeNAS-9.10.1-U2 (f045a8b) version domain controller windows 2008 r2 x64 I am using cifs sharing service which was successful in the first time I set up freenas domain join process. World clock change result
I'm starting to get the freenas kerberos fault. The FreeNAS domain controller appears to be a join, but the domain controller can not access the denied user and group list. That's why the cifs service is not working.
Domain controller i get kerberos error what do i need to do to solve this?
FreeNAS records look normal on windows domain controller.
This question also makes the Domain Controller time setting different. The domain controller time is the same as the FreeNAS time.
Error records
I'm using FreeNAS-9.10.1-U2 (f045a8b) version domain controller windows 2008 r2 x64 I am using cifs sharing service which was successful in the first time I set up freenas domain join process. World clock change result
I'm starting to get the freenas kerberos fault. The FreeNAS domain controller appears to be a join, but the domain controller can not access the denied user and group list. That's why the cifs service is not working.
Domain controller i get kerberos error what do i need to do to solve this?
FreeNAS records look normal on windows domain controller.
Code:
[root@freenas] /# klist Credentials cache: FILE:/tmp/krb5cc_0 Principal: administrator@DomainName.com Issued Expires Principal Nov 2 16:29:46 2016 Nov 3 02:29:46 2016 krbtgt/DomainName.com@DomainName.com Nov 2 16:33:51 2016 Nov 3 02:29:46 2016 ldap/DCComputerName.DomainName.com@DomainName.com
This question also makes the Domain Controller time setting different. The domain controller time is the same as the FreeNAS time.
Code:
[root@freenas] ~# net ads info LDAP server: 000.000.000.000 LDAP server name: DCComputerName.DomainName.com Realm: DomainName.com Bind Path: dc=DomainName,dc=COM LDAP port: 389 Server time: Wed, 02 Nov 2016 17:36:04 MSK KDC server: 000.000.000.000 Server time offset: 3587
Code:
[root@freenas] ~# net time Wed Nov 2 16:36:28 2016
Code:
[root@freenas] /# wbinfo -m BUILTIN FreeNAS DomainName
Code:
[root@freenas] /# wbinfo -t checking the trust secret for domain DomainName via RPC calls succeeded
Code:
[root@freenas] /# wbinfo -u null [root@freenas] /# wbinfo -g null
Code:
[root@freenas] /# net ads user listed all domain user
Error records
Code:
Nov 1 14:30:27 freenas smbd[14454]: [2016/11/01 14:30:27.028591, 0] ../source3/lib/util_sock.c:876(matchname) Nov 1 14:30:27 freenas smbd[14454]: matchname: host name/name mismatch: 000.000.000.000 != (NULL) Nov 1 14:30:27 freenas smbd[14454]: [2016/11/01 14:30:27.028626, 0] ../source3/lib/util_sock.c:1055(get_remote_hostname) Nov 1 14:30:27 freenas smbd[14454]: matchname failed on 000.000.000.000 Nov 1 14:30:27 freenas smbd[14454]: [2016/11/01 14:30:27.373023, 1] ../source3/librpc/crypto/gse.c:497(gse_get_server_auth_token) Nov 1 14:30:27 freenas smbd[14454]: gss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/freenas@DomainName.COM(kvno 11) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)] Nov 1 14:30:27 freenas smbd[14454]: [2016/11/01 14:30:27.373061, 1] ../auth/gensec/spnego.c:541(gensec_spnego_parse_negTokenInit) Nov 1 14:30:27 freenas smbd[14454]: SPNEGO(gse_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE Nov 1 14:02:39 freenas winbindd[8915]: [2016/11/01 14:02:39.433688, 0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token) Nov 1 14:02:39 freenas winbindd[8915]: gss_init_sec_context failed with [ Miscellaneous failure (see text): Clock skew too great] Nov 1 14:02:39 freenas winbindd[8915]: [2016/11/01 14:02:39.433721, 1] ../auth/gensec/spnego.c:619(gensec_spnego_create_negTokenInit) Nov 1 14:02:39 freenas winbindd[8915]: SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INTERNAL_ERROR Nov 1 14:02:39 freenas winbindd[8915]: [2016/11/01 14:02:39.433747, 0] ../source3/libads/sasl.c:773(ads_sasl_spnego_bind) Nov 1 14:02:39 freenas winbindd[8915]: kinit succeeded but ads_sasl_spnego_gensec_bind(KRB5) failed: An internal error occurred. Nov 1 14:02:39 freenas winbindd[8915]: [2016/11/01 14:02:39.464439, 1] ../source3/winbindd/winbindd_ads.c:136(ads_cached_connection_connect) Nov 1 14:02:39 freenas winbindd[8915]: ads_connect for domain DomainName failed: An internal error occurred. Nov 1 14:02:39 freenas winbindd[8915]: [2016/11/01 14:02:39.471671, 0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token) Nov 1 14:02:39 freenas winbindd[8915]: no edata in krb5_error Nov 1 14:02:39 freenas winbindd[8915]: [2016/11/01 14:02:39.589523, 1] ../source3/libads/authdata.c:175(kerberos_return_pac) Nov 1 14:02:39 freenas winbindd[8915]: kinit failed for 'root@DomainName.COM' with: Client not found in Kerberos database (-1765328378) Nov 1 14:02:49 freenas winbindd[8915]: ads_connect for domain DomainName failed: An internal error occurred. Nov 1 14:06:20 freenas winbindd[7562]: [2016/11/01 14:06:20.856048, 0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler) Nov 1 14:06:20 freenas winbindd[7562]: Got sig[15] terminate (is_parent=1) Nov 1 14:06:20 freenas winbindd[8915]: [2016/11/01 14:06:20.858104, 0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler) Nov 1 14:06:20 freenas winbindd[8915]: Got sig[15] terminate (is_parent=0) Nov 1 14:06:21 freenas nmbd[7553]: [2016/11/01 14:06:21.902244, 0] ../source3/nmbd/nmbd.c:58(terminate) Nov 1 14:06:21 freenas nmbd[7553]: Got SIGTERM: going down... Nov 1 14:06:22 freenas nmbd[9217]: [2016/11/01 14:06:22.993255, 0] ../lib/util/become_daemon.c:124(daemon_ready) Nov 1 14:06:22 freenas nmbd[9217]: STATUS=daemon 'nmbd' finished starting up and ready to serve connections Nov 1 14:06:23 freenas smbd[9220]: [2016/11/01 14:06:23.037418, 1] ../source3/profile/profile_dummy.c:30(set_profile_level) Nov 1 14:06:23 freenas smbd[9220]: INFO: Profiling support unavailable in this build. Nov 1 14:06:23 freenas smbd[9221]: [2016/11/01 14:06:23.041848, 1] ../source3/smbd/files.c:218(file_init_global) Nov 1 14:06:23 freenas smbd[9221]: file_init_global: Information only: requested 940475 open files, 59392 are available. Nov 1 14:06:23 freenas smbd[9221]: [2016/11/01 14:06:23.043963, 0] ../lib/util/become_daemon.c:124(daemon_ready) Nov 1 14:06:23 freenas smbd[9221]: STATUS=daemon 'smbd' finished starting up and ready to serve connections Nov 1 14:06:23 freenas winbindd[9226]: [2016/11/01 14:06:23.082581, 1] ../source3/lib/tdb_validate.c:480(tdb_validate_and_backup) Nov 1 14:06:23 freenas winbindd[9226]: tdb '/var/db/samba4/winbindd_cache.tdb' is valid Nov 1 14:06:23 freenas winbindd[9226]: [2016/11/01 14:06:23.111874, 1] ../source3/lib/tdb_validate.c:490(tdb_validate_and_backup) Nov 1 14:06:23 freenas winbindd[9226]: Created backup '/var/db/samba4/winbindd_cache.tdb.bak' of tdb '/var/db/samba4/winbindd_cache.tdb' Nov 1 14:06:23 freenas winbindd[9226]: [2016/11/01 14:06:23.112528, 0] ../lib/util/become_daemon.c:124(daemon_ready) Nov 1 14:06:23 freenas winbindd[9226]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections Nov 1 14:06:28 freenas winbindd[9226]: [2016/11/01 14:06:28.337180, 0] ../source3/librpc/crypto/gse.c:341(gse_get_client_auth_token) Nov 1 14:06:28 freenas winbindd[9226]: gss_init_sec_context failed with [ Miscellaneous failure (see text): Clock skew too great] Nov 1 14:06:28 freenas winbindd[9226]: [2016/11/01 14:06:28.337211, 1] ../auth/gensec/spnego.c:619(gensec_spnego_create_negTokenInit) Nov 1 14:06:28 freenas winbindd[9226]: SPNEGO(gse_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INTERNAL_ERROR Nov 1 14:22:06 freenas manage.py: [common.pipesubr:66] Popen()ing: zfs list -H -o mountpoint,name Nov 1 14:22:07 freenas generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc' Nov 1 14:22:08 freenas generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: klist Nov 1 14:22:08 freenas generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: mount Nov 1 14:22:08 freenas generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: mount Nov 1 14:22:08 freenas generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: /usr/local/bin/net -d 0 getlocalsid Nov 1 14:22:08 freenas notifier: Performing sanity check on Samba configuration: OK Nov 1 14:22:08 freenas notifier: Reloading nmbd. Nov 1 14:22:08 freenas nmbd[9217]: [2016/11/01 14:22:08.468493, 0] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups) Nov 1 14:22:08 freenas nmbd[9217]: dump_workgroups() Nov 1 14:22:08 freenas nmbd[9217]: dump workgroup on subnet 000.000.000.000: netmask= 000.000.000.000: Nov 1 14:22:08 freenas nmbd[9217]: DomainName(1) current master browser = COMPUTERNAME Nov 1 14:22:08 freenas nmbd[9217]: FREENAS 40809b03 (FreeNAS Server) Nov 1 14:22:08 freenas nmbd[9217]: ARIF-PC 40071003 () Nov 1 14:22:08 freenas nmbd[9217]: [2016/11/01 14:22:08.468556, 0] ../source3/nmbd/nmbd_workgroupdb.c:276(dump_workgroups) Nov 1 14:22:08 freenas nmbd[9217]: dump_workgroups() Nov 1 14:22:08 freenas nmbd[9217]: dump workgroup on subnet 10.10.10.1: netmask= 000.000.000.000: Nov 1 14:22:08 freenas nmbd[9217]: DomainName(1) current master browser = UNKNOWN Nov 1 14:22:08 freenas nmbd[9217]: FREENAS 40809b03 (FreeNAS Server) Nov 1 14:22:08 freenas notifier: Reloading smbd. Nov 1 14:22:08 freenas notifier: Reloading winbindd. Nov 1 14:22:08 freenas notifier: Stopping mdnsd. Nov 1 14:22:08 freenas mDNSResponder: mDNSResponder (Engineering Build) (Oct 3 2016 06:58:50) stopping Nov 1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 0000000801485580 01 32 _afpovertcp._tcp.local. PTR freenas._afpovertcp._tcp.local. Nov 1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 0000000801481580 01 27 _adisk._tcp.local. PTR freenas._adisk._tcp.local. Nov 1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 000000080147C580 01 33 _device-info._tcp.local. PTR freenas._device-info._tcp.local. Nov 1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 0000000801489580 01 25 _ssh._tcp.local. PTR freenas._ssh._tcp.local. Nov 1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 000000080148B580 01 30 _sftp-ssh._tcp.local. PTR freenas._sftp-ssh._tcp.local. Nov 1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 000000080148D580 01 26 _http._tcp.local. PTR freenas._http._tcp.local. Nov 1 14:22:08 freenas mDNSResponder: mDNS_FinalExit failed to send goodbye for: 0000000801493580 01 25 _smb._tcp.local. PTR freenas._smb._tcp.local. Nov 1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function Nov 1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function Nov 1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function Nov 1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function Nov 1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function Nov 1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function Nov 1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function Nov 1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function Nov 1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function Nov 1 14:22:08 freenas netatalk[3175]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function Nov 1 14:22:08 freenas smbd[9221]: dnssd_clientstub DNSServiceProcessResult called with DNSServiceRef with no ProcessReply function Nov 1 14:22:08 freenas notifier: Waiting for PIDS: 3171. Nov 1 14:22:08 freenas notifier: Starting mdnsd. Nov 1 14:22:08 freenas mDNSResponder: mDNSResponder (Engineering Build) (Oct 3 2016 06:58:50) starting Nov 1 14:22:08 freenas mDNSResponder: 12: Listening for incoming Unix Domain Socket client requests Nov 1 14:22:08 freenas mDNSResponder: mDNS_AddDNSServer: Lock not held! mDNS_busy (0) mDNS_reentrancy (0) Nov 1 14:22:08 freenas mDNSResponder: CheckNATMappings: Failed to allocate port 5350 UDP multicast socket for PCP & NAT-PMP announcements Nov 1 14:22:10 freenas mDNSResponder: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 0000000801406D60 freenas.local. (Addr) that's already in the list Nov 1 14:22:10 freenas mDNSResponder: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 0000000801407180 000.000.000.000.in-addr.arpa. (PTR) that's already in the list Nov 1 14:22:10 freenas mDNSResponder: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 0000000801409D60 freenas.local. (Addr) that's already in the list Nov 1 14:22:10 freenas mDNSResponder: mDNS_Register_internal: ERROR!! Tried to register AuthRecord 000000080140A180 000.000.000.000.in-addr.arpa. (PTR) that's already in the list