SOLVED Can't access CIFS via AD. Was working.

Status
Not open for further replies.

berrick

Explorer
Joined
Mar 19, 2013
Messages
78
FreeNAS has been working great, then all of a sudden I couldn't access my CIFS shares with AD credentials.

I am not sure what to check or try next as the things I have tried so far haven't helped. Below are some of what I have tried. Would be interested in suggestions.
  • Checked both fwd and rev DNS with nslookup and all OK
  • Checked NTP and is OK
  • wbinfo -t -p -u -g all return correct info
  • Both Directory services and CIFS start. Once started I can issue net ads join -U administrator and I'm told I'm joined
  • Tried stopping and starting the services and rebooting FreeNAS to no avail
  • Changed AD and CIFS to workgroup and back to domain

Starting Directory services results in the following

Jun 21 15:06:07 NASbox ActiveDirectory: /usr/sbin/service ix-kerberos quietstart
Jun 21 15:06:08 NASbox ActiveDirectory: /usr/sbin/service ix-nsswitch quietstart
Jun 21 15:06:08 NASbox ActiveDirectory: /usr/sbin/service ix-pam quietstart
Jun 21 15:06:08 NASbox ActiveDirectory: /usr/sbin/service ix-kinit quietstart
Jun 21 15:06:19 NASbox ActiveDirectory: /usr/sbin/service ix-kinit status
Jun 21 15:06:19 NASbox ActiveDirectory: /usr/sbin/service ix-samba quietstart
Jun 21 15:06:19 NASbox ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
Jun 21 15:06:21 NASbox notifier: Removing stale Samba tdb files: ....... done
Jun 21 15:06:21 NASbox notifier: Starting nmbd.
Jun 21 15:06:21 NASbox notifier: Starting smbd.
Jun 21 15:06:21 NASbox notifier: Starting winbindd.
Jun 21 15:06:21 NASbox winbindd[5632]: [2015/06/21 15:06:21.853567, 0] winbindd/winbindd_util.c:635(init_domain_list)
Jun 21 15:06:21 NASbox winbindd[5632]: Could not fetch our SID - did we join?
Jun 21 15:06:21 NASbox winbindd[5632]: [2015/06/21 15:06:21.853901, 0] winbindd/winbindd.c:1108(winbindd_register_handlers)
Jun 21 15:06:21 NASbox winbindd[5632]: unable to initialize domain list
Jun 21 15:06:21 NASbox ActiveDirectory: /usr/sbin/service ix-activedirectory quietstart
Jun 21 15:06:25 NASbox ActiveDirectory: /usr/sbin/service ix-activedirectory status
Jun 21 15:06:26 NASbox ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py stop cifs
Jun 21 15:06:27 NASbox notifier: dbus not running? (check /var/run/dbus/dbus.pid).
Jun 21 15:06:27 NASbox notifier: Will not 'restart' dbus because dbus_enable is NO.
Jun 21 15:06:27 NASbox notifier: Stopping avahi-daemon.
Jun 21 15:06:27 NASbox notifier: Failed to kill daemon: No such file or directory
Jun 21 15:06:27 NASbox notifier: Will not 'restart' avahi_daemon because avahi_daemon_enable is NO.
Jun 21 15:06:27 NASbox notifier: winbindd not running? (check /var/run/samba/winbindd.pid).
Jun 21 15:06:27 NASbox notifier: Stopping smbd.
Jun 21 15:06:28 NASbox notifier: Waiting for PIDS: 5628, 5628.
Jun 21 15:06:28 NASbox notifier: Stopping nmbd.
Jun 21 15:06:28 NASbox notifier: Waiting for PIDS: 5624.
Jun 21 15:06:28 NASbox ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
Jun 21 15:06:30 NASbox notifier: Removing stale Samba tdb files: ...... done
Jun 21 15:06:30 NASbox notifier: Starting nmbd.
Jun 21 15:06:30 NASbox notifier: Starting smbd.
Jun 21 15:06:30 NASbox notifier: Starting winbindd.
Jun 21 15:06:30 NASbox ActiveDirectory: /usr/sbin/service ix-cache quietstart &
Jun 21 15:06:32 NASbox winbindd[6676]: [2015/06/21 15:06:32.936159, 0] winbindd/idmap_tdb.c:149(idmap_tdb_upgrade)
Jun 21 15:06:32 NASbox winbindd[6676]: Upgrading winbindd_idmap.tdb from an old version
Jun 21 15:06:35 NASbox winbindd[6563]: [2015/06/21 15:06:35.632428, 0] libsmb/cliconnect.c:1865(cli_session_setup_spnego)
Jun 21 15:06:35 NASbox winbindd[6563]: Kinit failed: Client not found in Kerberos database
Jun 21 15:06:36 NASbox manage.py: [py.warnings:744] /usr/local/www/freenasUI/../freenasUI/common/freenasldap.py:744: DeprecationWarning: object() takes no parameters obj = super(FreeNAS_ActiveDirectory_Base, cls).__new__(cls, **kwargs)
Jun 21 15:06:40 NASbox winbindd[6676]: [2015/06/21 15:06:40.645961, 0] libsmb/cliconnect.c:1865(cli_session_setup_spnego)
Jun 21 15:06:40 NASbox winbindd[6676]: Kinit failed: Client not found in Kerberos database

I don't seem able to permanently stop "Kinit failed: Client not found", and I'm not sure why I receive "Could not fetch our SID" or why I get "Will not 'restart' avahi_daemon because avahi_daemon_enable is NO."

TYIA
 

berrick

Explorer
Joined
Mar 19, 2013
Messages
78
Thanks for the reply. I'm using FreeNAS-9.1.1-RELEASE-x64 (a752d35) (see my sig for more info ;)) therefore not using Samba4?

Last night I rebooted the PDC, which initially didn't seem to help. I received lots of

Jun 21 18:20:51 NAS winbindd[25381]: [2015/06/21 18:20:51.727368, 0] libads/kerberos_util.c:101(ads_kinit_password)
Jun 21 18:20:51 NAS winbindd[25381]: kerberos_kinit_password NAS$@NAS.CO.UK failed: Client not found in Kerberos database

Followed by

Jun 21 18:24:28 NAS winbindd[25381]: Kinit failed: Client not found in Kerberos database
Jun 21 18:24:28 NAS winbindd[25381]: [2015/06/21 18:24:28.031657, 0] libsmb/cliconnect.c:1865(cli_session_setup_spnego)

Eventually I restarted DS on the FreeNAS box again and lo and behold, AD authentication is working! :)

Samba Conf (domain name changed)
[global]
encrypt passwords = yes
dns proxy = no
strict locking = no
read raw = yes
write raw = yes
oplocks = yes
max xmit = 65535
deadtime = 15
display charset = LOCALE
max log size = 10
syslog only = yes
syslog = 1
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
getwd cache = yes
guest account = nobody
map to guest = Bad Password
obey pam restrictions = Yes
# NOTE: read smb.conf.
directory name cache size = 0
max protocol = SMB2
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
hostname lookups = yes
netbios name = NAS
workgroup = NAS

security = ADS
realm = NAS.CO.UK
client use spnego = yes
cache directory = /var/tmp/.cache/.samba

wins server = 192.168.0.78
password server = 192.168.0.78

local master = no
domain master = no
preferred master = no

inherit acls = yes
acl compatibility = auto
acl check permissions = true
acl map full control = true
dos filemode = yes

idmap uid = 10000-19999
idmap gid = 10000-19999

winbind cache time = 7200
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
winbind refresh tickets = yes

allow trusted domains = no

template shell = /bin/sh
template homedir = /home/%U

idmap config NAS: backend = rid
idmap config NAS: range = 20000-20000000
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 10


[DataStore]
path = /mnt/NAS/Media
printable = no
veto files = /.snap/.windows/.zfs/
writeable = yes
browseable = yes
inherit owner = yes
inherit permissions = yes
vfs objects = zfsacl
guest ok = no
inherit acls = Yes
map archive = No
map readonly = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
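
The winbindd failures quoted in the two posts above can be grouped by signature to see which account the KDC is rejecting and over what time window. This is an added example, not part of the original posts or of FreeNAS; the function name `triage`, the finding labels and the sample text (constructed from lines quoted in this thread) are assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the winbindd lines quoted in this thread.
SAMPLE = """\
Jun 21 15:06:21 NASbox winbindd[5632]: [2015/06/21 15:06:21.853567, 0] winbindd/winbindd_util.c:635(init_domain_list)
Jun 21 15:06:21 NASbox winbindd[5632]: Could not fetch our SID - did we join?
Jun 21 15:06:21 NASbox notifier: Starting smbd.
Jun 21 15:06:35 NASbox winbindd[6563]: Kinit failed: Client not found in Kerberos database
Jun 21 15:06:40 NASbox winbindd[6676]: Kinit failed: Client not found in Kerberos database
Jun 21 18:20:51 NAS winbindd[25381]: kerberos_kinit_password NAS$@NAS.CO.UK failed: Client not found in Kerberos database
"""

# Groups: timestamp, host, winbindd pid, message
SYSLOG = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) winbindd\[(\d+)\]: (.*)$")
# Message signature -> label. The labels are this example's own names (assumptions).
SIGNATURES = [
    (re.compile(r"Could not fetch our SID"), "local_join_state_missing"),
    (re.compile(r"unable to initialize domain list"), "winbindd_init_failed"),
    # Kerberos error text for a principal the KDC has no account for.
    (re.compile(r"Client not found in Kerberos database"), "kdc_principal_unknown"),
]
PRINCIPAL = re.compile(r"kerberos_kinit_password (\S+) failed")

def triage(log_text):
    """Group winbindd join/Kerberos failures; lines are assumed chronological."""
    findings = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                    "pids": set(), "principals": set()})
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # not a winbindd line
        ts, _host, pid, msg = m.groups()
        for pattern, label in SIGNATURES:
            if not pattern.search(msg):
                continue
            f = findings[label]
            f["count"] += 1
            f["first"] = f["first"] or ts
            f["last"] = ts
            f["pids"].add(pid)
            p = PRINCIPAL.search(msg)
            if p:  # which account the KDC rejected, when the line names it
                f["principals"].add(p.group(1))
    return dict(findings)

if __name__ == "__main__":
    for label, f in triage(SAMPLE).items():
        print(label, f["count"], f["first"], f["last"],
              sorted(f["pids"]), sorted(f["principals"]))
```

A principal ending in `$` is the machine account, so a `kdc_principal_unknown` finding that names `NAS$@NAS.CO.UK` concerns the NAS's own computer account in AD rather than any user's credentials.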
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Nothing really stands out to me in your smb.conf, but I'm far from an expert on AD. You'll probably want to drop your logging level back to 1.

You probably already know this, but you're running an old version of FreeNAS on an under-resourced machine.
 

berrick

Explorer
Joined
Mar 19, 2013
Messages
78
"You probably already know this, but you're running an old version of FreeNAS on an under-resourced machine"

YEP ;) but with the version of FreeNAS I'm running it works. It does everything I need. I'm only interested in using it for storage, no apps etc.

TY anyways
 