Second Truenas Connected to AD

Hellrazorx

Dabbler
Joined
Apr 30, 2021
Messages
29
Hi,

We've been using Truenas AD integration for several years now. Everything has worked fine so far, but now we want to deploy a new file server under the same domain.

I can successfully join the domain with the second Truenas Server (TN2):
- I'm using the same ''user'' as principal to join the domain
- This second server is under another VLAN (just saying)

Once TN2 joined the domain, everything works fine on TN2.
But while authenticated users can still access the file server on TN1, new users cannot. It displays the error message:

```
You might not have permission to use this network resource. Contact the Administrator to find out if you have access permissions.
```

TN1 is in production, so I reverted everything back to where it was before by leaving the domain on TN2 and TN1, then rejoining the domain on TN1. Auth behavior came back to normal on the users' side.

I'm checking with you guys first before trying to virtualize the whole thing and simulate this behavior.

Is it possible I'd need to:
- Create a specific principal for each Truenas server? Avoid using the same one for both?
- Explore an identification conflict: should I configure something other than the network hostname to avoid a domain join conflict?


Thanks for your input
 

NugentS

MVP
Joined
Apr 16, 2020
Messages
2,947
Are you attaching the second TN to AD with the same name as the first? It's something I did by mistake and it really messed up.
Make sure you change the TN name in all the locations - cos one of them matters - I just can't remember which one.
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
"Of course" you cannot have two systems with the same netbios name in one domain. I hope that much is obvious.

But I fell into the same trap with two CORE servers. Changing the hostname in the network settings is not enough! There's a separate netbios name setting in Services > SMB that must be changed before joining the domain. You might want to check your SCALE servers for that.
 

Hellrazorx

Dabbler
Joined
Apr 30, 2021
Messages
29
I did change the host name BUUUUT... I just realized I didn't reboot the instance... before joining. That might be it.

The remaining uncertainty is that TN1's name was changed to a specific, lovable name, lonnng ago...

> "Of course" you cannot have two systems with the same netbios name in one domain. I hope that much is obvious.
>
> But I fell into the same trap with two CORE servers. Changing the hostname in the network settings is not enough! There's a separate netbios name setting in Services > SMB that must be changed before joining the domain. You might want to check your SCALE servers for that.

As always, Patrick, thanks for that sniping response.
I will need to change the netbios name under the SMB service.

It is still set to truenas... after all this time.

I'm not sure I understand everything about this parameter tho.
VS the hostname...

Is this the part of the DN that registers on Windows Server? Can I leave it as ''truenas'' on TN1 and simply specify a different netbios name for TN2, leaving it as ugly as it is for TN1.. OR

If ever I want to set things right for TN1... Will I need to leave/rejoin the domain, and everything will be back on its feet as if nothing ever happened?

Thank you
 

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
The netbios name is exactly what is registered in the domain. And what you use in things like "\\server\share" ... the hostname is not relevant for AD as far as I understand.
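
A pre-join check for the name collision discussed in this thread, as an added example that is not part of any post: it works out the NetBIOS name each server would register and flags duplicates even when the hostnames differ. The hostnames and `smb.conf` snippets are constructed, and it assumes the Services > SMB setting ends up as Samba's `netbios name` parameter.

```python
# Added example. Hostnames and smb.conf text below are constructed samples.

def effective_netbios_name(smb_conf: str, hostname: str) -> str:
    """Return the NetBIOS name Samba would use for this server."""
    section, name = None, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            if "".join(key.split()).lower() == "netbiosname":
                name = value.strip()
    if not name:
        # Samba's default: first component of the host's DNS name.
        name = hostname.split(".")[0]
    if len(name) > 15:
        raise ValueError(f"NetBIOS name longer than 15 characters: {name!r}")
    return name.upper()  # NetBIOS names compare case-insensitively


def find_collisions(servers: dict) -> dict:
    """Map each NetBIOS name claimed by more than one server to those servers."""
    seen = {}
    for label, (hostname, conf) in servers.items():
        seen.setdefault(effective_netbios_name(conf, hostname), []).append(label)
    return {n: sorted(labels) for n, labels in seen.items() if len(labels) > 1}


# Constructed: both servers still carry the same "truenas" NetBIOS name.
DEFAULT_CONF = "[global]\n    netbios name = truenas\n    workgroup = EXAMPLE\n"
BEFORE = {
    "TN1": ("files1.example.lan", DEFAULT_CONF),
    "TN2": ("files2.example.lan", DEFAULT_CONF),
}
# Constructed: TN2 given its own NetBIOS name before joining.
AFTER = dict(BEFORE, TN2=("files2.example.lan",
                          DEFAULT_CONF.replace("truenas", "tn2files")))

if __name__ == "__main__":
    print("before:", find_collisions(BEFORE))
    print("after: ", find_collisions(AFTER))
```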
 
