Simon Greer
Hi there
I've lost my whole weekend trying to figure this out before the work week starts again, and have got pretty much nowhere.
I've found on/off issues connecting our FreeNAS server to AD, and it seems to go awry whenever a restart takes place. On this particular occasion nothing seems to be working, and I've dug deeper than I've ever had to:
When using the GUI I get "Middleware: Unable to load Active Directory" errors. Occasionally this is replaced with a timeout error. I have done all of the usual checks - made sure that the DC and FreeNAS' times are in sync, checked the domain controllers can ping the FreeNAS and vice versa, and run the shell commands that are listed in the troubleshooting section of the documentation.
Here's some output from the troubleshooting commands. I guess it's notable that the second echo returns a 1 and there's no ticket:
Code:
root@nas2:~ # sqlite3 /data/freenas-v1.db "update directoryservice_activedirectory set ad_enable=1;"
root@nas2:~ # echo $?
0
root@nas2:~ # service ix-kerberos start
root@nas2:~ # service ix-nsswitch start
root@nas2:~ # service ix-kinit start
kinit: krb5_get_init_creds: unable to reach any KDC in realm CORP.XXXXX.CO.UK
root@nas2:~ # service ix-kinit status
root@nas2:~ # echo $?
1
root@nas2:~ # klist
klist: No ticket file: /tmp/krb5cc_0
root@nas2:~ #
It is possible to telnet port 88 from the NAS to the DC, but not the other way around (I think this is correct behaviour).
Anyone got any ideas?