Upgrading 9.2.1.9 to 9.3 unable to strat AD service

[Ico747]

After upgrade to 9.3 I could not start AD service. Domain controller is Microsoft SBS 2011.
wbinfo -t
checking the trust secret for domain XXXX via RPC calls failed
error code was NT_STATUS_NO_SUCH_DOMAIN (0xc00000df)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret

Time in freenas machine is the same as in DC.
Please advice what I could check more.

More info
Domain Controller: (empty)
Idmap backend: ad
SASL wrapping: plane
Verbose logging: X (see log1.txt)

[root@nas] /var/log# wbinfo -t
checking the trust secret for domain XXXX via RPC calls succeeded
wbinfo -u - *shows all domail users
[root@nas] /var/log# net ads join -S XXXX -U John
Enter John's password:
Failed to join domain: failed to lookup DC info for domain 'XXXX.LOCAL' over rpc: Undetermined error

If Domain Controller: sbs.XXXX.LOCAL (DC FQDN) *see log2.txt

[root@nas] /var/log# wbinfo -t
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret

 

[dlavigne]

Please create a bug report at bugs.freenas.org that includes your smb4.conf and post the issue number here.

 

[Ico747]

@dlavigne Tank you.
I had to switch back to 9.2.1.9. In 9.2.1.9 smb4.conf
idmap config XXXX: backend = rid
idmap config XXXX: range = 20000-20000000

ldap sasl wrapping is missing plain is default

My be I shout try with
Idmap backend: rid
SASL wrapping: plain

and create bug report?

 

[dlavigne]

Sounds like a plan.

 

[Ico747]

Finally it works. Following the Active Directory setting from 9.2.1.1 I set Active Directory in 9.3 as follows:
1.Do not specify Domain Controler e.g. default setting
2. Use rid instead of default ad as Idmap backend:
3. Change default Idmap Range from default 10000-90000000 to 20000-20000000