SOLVED I need to change the host name of domain joined TrueNAS

[Matt_G]

Changing the host name isn't a big deal.
However, I have to leave the domain to change the NetBios name the SMB service advertises.

So my question is this.
If I leave the domain, change the NetBios name in SMB config and the Active Directory config, and then rejoin, won't it break all my ACL's?
Anyone done this before?

 

[anodos]

Changing the host name isn't a big deal.
However, I have to leave the domain to change the NetBios name the SMB service advertises.

So my question is this.
If I leave the domain, change the NetBios name in SMB config and the Active Directory config, and then rejoin, won't it break all my ACL's?
Anyone done this before?

No. It won't break ACLs. You could run into ACL issues if you leave the AD domain and join a different domain, but this (changing netbios name) will have no impact on mapping of AD accounts to local unix IDs. You should make sure you first cleanly leave the domain, make sure that old DNS references to the old netbiosname have been removed, and then rejoin AD. This process removes / recreates AD computer accounts.

Some users mistakenly think that they can create a CNAME entry in AD to point to the new computer object (old AD netbios name to new one). This will not work since SMB clients will strictly validate kerberos SPNs. This means that prior to re-joining AD, you may wish to add the old name as a netbios alias (which will cause net ads to add a kerberos SPN entry for the old name so that you have a better chance of not breaking clients with the change).

 

[Matt_G]

Thanks for the info Anodos.
Just to be clear, I don't have any AD accounts mapped to accounts in Truenas.
All the share and file permissions were done with the AD accounts when I originally set this up in version 11.1.
It has just been upgraded several times and is now on version 12.0 U8.1
In other words, it may not be done the proper way.

 

[anodos]

Thanks for the info Anodos.
Just to be clear, I don't have any AD accounts mapped to accounts in Truenas.
All the share and file permissions were done with the AD accounts when I originally set this up in version 11.1.
It has just been upgraded several times and is now on version 12.0 U8.1
In other words, it may not be done the proper way.

The winbindd service maps SIDs to unix IDs. If you server was ever usable in an AD environment then the mapping was happening as expected (automatically). How they get mapped depends on the directory service idmap configuration on your server. If you make a change to the idmapping configuration then permissions will no longer work as expected. Local filesystems on *nix evaluate access based on the ids of the process doing things and and/or the file's mode (with stored uid / gid) and ACL (which is a list of access directives that include numeric ids, id type, etc). Actual names of users are not stored on-disk (this is the way things work across OSes generally) in the ACL.

 

[Matt_G]

Thanks again.
I just learned a few things.
I'll post back with results after I do this which will probably be tomorrow.

 

[Matt_G]

The reason I am even wanting to do this is because of an issue I am having with MediaMonkey.
It will be playing music out of a random playlist and then start to "not see" the files.
The path in the database is \\hostname\sharename\filename.flac
This just started happening in the past few months...not sure when exactly.
It is quite an annoying problem.

One of the devs for MediaMonkey suggested that I "update" the database (using the Locate moved/missing files tool) and configure MM to use the IP address instead of the hostname as a fix for this.
The issue is that if the old path is still available, the database won't allow you to change to a new path.
So that is why I am looking to change the hostname/SMB config of my TrueNAS box.

Can you think of anything in TrueNAS that could be causing my issue?
I turned on SMB v1 just for giggles and while that did help some it is by no means the fix.
I will be turning that off again.

 

[Matt_G]

I am marking this as solved without having changed the name of the box.
After looking at all the work that was going to entail (A butt ton load of busted shortcuts on numerous computers) and the issue I was trying to solve, it started feeling like I was trying to kill a fly with a 10 pound sledge-hammer.
The squeeze just isn't worth the juice I'll get.
There are other ways to solve my original issue.