mdrisser (Dabbler; joined Nov 13, 2015; 19 messages)
I am currently unable to join a FreeNAS 9.3 server to a Server 2012R2 domain.
Running a command I found in a similar problem in the bug tracker: net -k ads join domain.local -d 9
results in the following output:
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
lp_load_ex: refreshing parameters
Initialising global parameters
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf"
Processing section "[global]"
doing parameter server max protocol = SMB3
doing parameter encrypt passwords = yes
doing parameter dns proxy = no
doing parameter strict locking = no
doing parameter oplocks = yes
doing parameter deadtime = 15
doing parameter max log size = 51200
doing parameter max open files = 235154
doing parameter load printers = no
doing parameter printing = bsd
doing parameter printcap name = /dev/null
doing parameter disable spoolss = yes
doing parameter getwd cache = yes
doing parameter guest account = nobody
doing parameter map to guest = Bad User
doing parameter obey pam restrictions = yes
doing parameter directory name cache size = 0
doing parameter kernel change notify = no
doing parameter panic action = /usr/local/libexec/samba/samba-backtrace
doing parameter nsupdate command = /usr/local/bin/samba-nsupdate -g
doing parameter server string = FreeNAS Test Server
doing parameter ea support = yes
doing parameter store dos attributes = yes
doing parameter lm announce = yes
doing parameter hostname lookups = yes
doing parameter acl allow execute always = true
doing parameter acl check permissions = true
doing parameter dos filemode = yes
doing parameter multicast dns register = yes
doing parameter domain logons = no
doing parameter idmap config *: backend = tdb
doing parameter idmap config *: range = 90000001-100000000
doing parameter server role = member server
doing parameter netbios name = FREENAS
doing parameter workgroup = PD
doing parameter realm = DOMAIN.LOCAL
doing parameter security = ADS
doing parameter client use spnego = yes
doing parameter cache directory = /var/tmp/.cache/.samba
doing parameter local master = no
doing parameter domain master = no
doing parameter preferred master = no
doing parameter winbind cache time = 7200
doing parameter winbind offline logon = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind nested groups = yes
doing parameter winbind use default domain = yes
doing parameter winbind refresh tickets = yes
doing parameter idmap config PD: backend = rid
doing parameter idmap config PD: range = 20000-90000000
doing parameter allow trusted domains = no
doing parameter client ldap sasl wrapping = plain
doing parameter template shell = /bin/sh
doing parameter template homedir = /home/%U
doing parameter pid directory = /var/run/samba
doing parameter create mask = 0666
doing parameter directory mask = 0777
doing parameter client ntlmv2 auth = yes
doing parameter dos charset = CP437
doing parameter unix charset = UTF-8
doing parameter log level = 1
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="FREENAS"
added interface em0 ip=192.168.3.52 bcast=192.168.3.255 netmask=255.255.255.0
added interface em1 ip=192.168.3.53 bcast=192.168.3.255 netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=0x0
Registering messaging pointer for type 9 - private_data=0x0
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=0x0
Registering messaging pointer for type 12 - private_data=0x0
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=0x0
Registering messaging pointer for type 5 - private_data=0x0
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'FREENAS'
domain_name : *
domain_name : 'domain.local'
account_ou : NULL
admin_account : 'root'
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x01 (1)
secure_channel_type : SEC_CHAN_WKSTA (2)
Opening cache file at /var/tmp/.cache/.samba/gencache.tdb
Opening cache file at /var/db/samba4/gencache_notrans.tdb
sitename_fetch: No stored sitename for pd.local
ads_dns_lookup_srv: 2 records returned in the answer section.
sitename_fetch: Returning sitename for DOMAIN.LOCAL: "Default-First-Site-Name"
no entry for DC01.domain.local#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name DC01.domain.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name DC01.domain.local<0x20>
startlmhosts: Can't open lmhosts file /usr/local/etc/lmhosts. Error was No such file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name DC01.domain.local<0x20>
namecache_store: storing 1 address for DC01.domain.local#20: 192.168.3.109
Connecting to 192.168.3.109 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 4
Could not test socket option TCP_KEEPCNT.
Could not test socket option TCP_KEEPIDLE.
Could not test socket option TCP_KEEPINTVL.
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 33304
SO_RCVBUF = 66608
SO_SNDLOWAT = 2048
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : NULL
dns_domain_name : NULL
forest_name : NULL
dn : NULL
domain_sid : NULL
domain_sid : (NULL SID)
modified_config : 0x00 (0)
error_string : 'failed to lookup DC info for domain 'domain.local' over rpc: NT_STATUS_CONNECTION_RESET'
domain_is_ad : 0x00 (0)
result : WERR_NETNAME_DELETED
Failed to join domain: failed to lookup DC info for domain 'domain.local' over rpc: NT_STATUS_CONNECTION_RESET
return code = -1
The really interesting part is that it fails to look up DC info for the domain.
If I run host -t srv _ldap._tcp.domain.local it returns:
_ldap._tcp.domain.local has SRV record 0 100 389 dc01.domain.local.
_ldap._tcp.domain.local has SRV record 0 100 389 dc02.domain.local.
So the SRV records are there and are accessible.
Just in case anyone asks ;)
- DNS is working fine, names are resolving properly
- NTP servers on the FreeNAS box are pointing to the DCs and the times are in sync (less than a minute difference)
- I have tried manually adding the domain controller and the global catalog server in the web interface
- I have run through the troubleshooting steps in the manual
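
A triage helper for the debug output quoted in the post above, added here as an example (it is not part of the original post or of Samba): it reports the last stage the join reached before it failed. The log excerpt is copied from the post; the function name, dictionary keys and stage labels are illustrative assumptions.

```python
import re

# Excerpt of the `net -k ads join ... -d 9` output quoted in the post above.
SAMPLE_LOG = """\
ads_dns_lookup_srv: 2 records returned in the answer section.
resolve_hosts: Attempting host lookup for name DC01.domain.local<0x20>
namecache_store: storing 1 address for DC01.domain.local#20: 192.168.3.109
Connecting to 192.168.3.109 at port 445
result : WERR_NETNAME_DELETED
Failed to join domain: failed to lookup DC info for domain 'domain.local' over rpc: NT_STATUS_CONNECTION_RESET
return code = -1
"""

# Markers for each stage of the join; the key names are illustrative.
PATTERNS = {
    "srv": re.compile(r"ads_dns_lookup_srv: (\d+) records returned"),
    "resolved": re.compile(r"namecache_store: storing \d+ address(?:es)? for (\S+?)#\w+: (\S+)"),
    "connect": re.compile(r"Connecting to (\S+) at port (\d+)"),
    "werr": re.compile(r"result\s*: (WERR_\w+)"),
    "status": re.compile(r"Failed to join domain: .*(NT_STATUS_\w+)"),
}

def triage(log):
    """Return what the join reached before it failed (last match per marker wins)."""
    found = {}
    for line in log.splitlines():
        for key, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                found[key] = m.groups()
    srv = int(found["srv"][0]) if "srv" in found else 0
    if "status" not in found:
        stage = "no join failure recorded"
    elif srv == 0:
        stage = "DNS SRV lookup"
    elif "resolved" not in found:
        stage = "DC name resolution"
    elif "connect" not in found:
        stage = "before the SMB connection"
    else:
        stage = "SMB/RPC session to %s:%s" % found["connect"]
    return {
        "srv_records": srv,
        "dc": found.get("resolved"),
        "stage": stage,
        "status": found.get("status", (None,))[0],
        "werr": found.get("werr", (None,))[0],
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

For the posted log, the SRV lookup and the name resolution of DC01 both succeed, and the reset is reported on the session to 192.168.3.109 port 445.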