vitaprimo
Dabbler
- Joined
- Jun 28, 2018
- Messages
- 27
I noticed TrueNAS left AD. There were some changes on the controllers so it wasn't unexpected.
I clicked <somewhere> that took me to the AD settings, it was prefilled with the Kerberos realm, which is the same as the domain. Since DNS is supposed to be case-insensitive, I just clicked on Save and watched on the console/ticker below make and fail the SRV query. I kept trying changing here and there but intentionally leaving the domain in capital letters and it would fail over and over. Finally I corrected it when it stopped being fun and it didn't quite join, but it didn't return an error and the status changed to JOINING.
Just to make sure it'll join, I requested a Kerberos ticket from the web CLI (it worked right away):
It's mostly if not only an host-authenticated NFS server, AD was joined only for "what if…" reasons so I have no real problem except a little guilt of not reporting it if I may be sitting on a bug. Is it a bug? or is it designed like that?
I clicked <somewhere> that took me to the AD settings, it was prefilled with the Kerberos realm, which is the same as the domain. Since DNS is supposed to be case-insensitive, I just clicked on Save and watched on the console/ticker below make and fail the SRV query. I kept trying changing here and there but intentionally leaving the domain in capital letters and it would fail over and over. Finally I corrected it when it stopped being fun and it didn't quite join, but it didn't return an error and the status changed to JOINING.
Just to make sure it'll join, I requested a Kerberos ticket from the web CLI (it worked right away):
Code:
root@zx1[~]# kinit maskedusername Password for maskedusername@MASKEDDOMA.IN: root@zx1[~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: maskedusername@MASKEDDOMA.IN Valid starting Expires Service principal 11/22/22 13:55:50 11/22/22 23:55:50 krbtgt/MASKEDDOMA.IN@MASKEDDOMA.IN renew until 11/23/22 13:55:45 root@zx1[~]#
It's mostly if not only an host-authenticated NFS server, AD was joined only for "what if…" reasons so I have no real problem except a little guilt of not reporting it if I may be sitting on a bug. Is it a bug? or is it designed like that?