Kerberos errors after server power outage

[Simon Greer]

Hi there

I've lost my whole weekend trying to figure this out before the work week starts again, and have got pretty much nowhere.

I've found on/off issues connecting our Freenas server to AD, and it seems to go awry whenever a restart takes place. On this particular occasion nothing seems to be working, and I've dug deeper than I've ever had to:

When using the GUI I get Middleware: Unable to load Active Directory errors. Occasionally this is replaced with a timeout error. I have done all of the usual checks - made sure that the DC and Freenas' times are in sync, checked the domain controllers can ping the Freenas and vice versa, and run the shell commands that are listed in the troubleshooting section of the documentation.

Here's some output from the troubleshooting commands. I guess it's notable that the second echo returns a 1 and there's no ticket:

Code:

root@nas2:~ # sqlite3 /data/freenas-v1.db "update directoryservice_activedirectory set ad_enable=1;"
root@nas2:~ # echo $?
0
root@nas2:~ # service ix-kerberos start
root@nas2:~ # service ix-nsswitch start
root@nas2:~ # service ix-kinit start
kinit: krb5_get_init_creds: unable to reach any KDC in realm CORP.XXXXX.CO.UK
root@nas2:~ # service ix-kinit status
root@nas2:~ # echo $?
1
root@nas2:~ # klist
klist: No ticket file: /tmp/krb5cc_0
root@nas2:~ #

It is possible to telnet port 88 from the NAS to the DC, but not the other way around (I think this is correct behaviour).

Anyone got any ideas?

 

[dlavigne]

Were you able to resolve this?

If not, which build version of FreeNAS (from System -> Information)?