dstewart51
I updated the activedirectory.py to the new version in post #39 by anodos on our problem system. Worked like a charm, I was able to join our AD and no issues after reboots.
> Related to this, now instead of getting the [EFAULT] timed out error, I get the next error when I Enable and Save: Failed to validate bind credentials: [EFAULT] kinit for domain [****.****] with password failed: kinit: Password incorrect
> I can ping the Windows server from FreeNAS, and the other way around, and it does pick up the AD from the Windows server as it tells me when I put a user that doesn't exist.

If kinit is failing with "password incorrect" then the password is probably incorrect. You should run the command "midclt call activedirectory.config" and verify that your settings there are correct. There's a button on the top-right of the screen that shows the health of the directory services. If the AD service shows a status of "FAULTED" then we're failing health checks.
> If kinit is failing with "password incorrect" then the password is probably incorrect. You should run the command "midclt call activedirectory.config" and verify that your settings there are correct. There's a button on the top-right of the screen that shows the health of the directory services. If the AD service shows a status of "FAULTED" then we're failing health checks.

I had somehow reset the password of the user, so never mind that. It now gives me the famous [EFAULT] timed out error again when I try enabling.
> I had somehow reset the password of the user, so never mind that. It now gives me the famous [EFAULT] timed out error again when I try enabling.

Is this with the latest version of activedirectory.py from the git repo I posted earlier or is this with the default in 11.3-U1?
> Is this with the latest version of activedirectory.py from the git repo I posted earlier or is this with the default in 11.3-U1?

Even with the latest version it gives me the Timed out error.
> Even with the latest version it gives me the Timed out error.

Did you restart middlewared? The socket call only logs an error message on failure. If you are seeing an exception, then it sounds like you're not using the new code. If the issue persists after applying the version from the 11.3-stable branch and restarting middlewared, PM me the contents of /var/log/middlewared.log.
> Did you restart middlewared? The socket call only logs an error message on failure. If you are seeing an exception, then it sounds like you're not using the new code. If the issue persists after applying the version from the 11.3-stable branch and restarting middlewared, PM me the contents of /var/log/middlewared.log.

Yes, I did. I even restarted the server. I'm on my way to install 11.2 7-U just to see if it works like some have said.
> I confirm this issue is also present on FreeNAS 11.3 release (legacy). I've been fighting against my configuration for a good day now.
> I could try and get a pcap with Wireshark to find out why it doesn't work. We have a large Active Directory with thousands of users. I tried creating the computer object first and then without, and tried multiple users over different domains in our forest. Nothing works and access is not restricted anywhere on the network. Getting a pcap might take some time as the FreeNAS is fiber hooked and the only way I could get a decent capture is by using a network tap on the trunk link (I do not have access to the DC directly, only the Active Directory).

I've put in quite a few fixes for U2 (which is a couple of weeks out). You can partially test for yourself using instructions earlier in this thread about how to replace the activedirectory plugin with the one from our 11.3-stable repository. There were also some python-ldap library fixes that you will have to wait until U2 for.
> I've put in quite a few fixes for U2 (which is a couple of weeks out). You can partially test for yourself using instructions earlier in this thread about how to replace the activedirectory plugin with the one from our 11.3-stable repository. There were also some python-ldap library fixes that you will have to wait until U2 for.

Oh thanks, much appreciated. We are trying to include this NAS in a production environment. How long until? By a couple of weeks, how long are we talking about? 3-5? More?
> Is this a Windows AD domain or a Samba one?

Windows Server 2016 DC, fresh on that machine, not migrated from older OSs etc. The dc.domain.local above in the log is correct for the name of the server. Other FreeNAS (when on an older release) was joined to it successfully in the past. Neither FreeNAS name existed on any previous machine (so old records etc).
> Windows Server 2016 DC, fresh on that machine, not migrated from older OSs etc. The dc.domain.local above in the log is correct for the name of the server. Other FreeNAS (when on an older release) was joined to it successfully in the past. Neither FreeNAS name existed on any previous machine (so old records etc).

Did you disable NTP on your DC?