Domain Join Issue - Must be the 9000th post :/

[DanPrs]

Yay :)

Alright so I got FreeNAS pointed to 10.0.0.16, my primary DC 2012R2 as the preferred NTP server.

I have the same IP as the only Nameserver in Net configuration.

Ping resolved hostnames on the network from the shell.

Created a domain account "freenas" and granted it Domain Admin rights.

Used domain\freenas to join freenas to domain

Receive error on web interface that reads- Error: [MiddlewareError: b'Active Directory failed to reload.']

Code:

root@freenas:~ #
root@freenas:~ # sqlite3 /data/freenas-v1.db "update directoryservice_activedirectory set ad_enable=1;"
root@freenas:~ # echo $?
0
root@freenas:~ # service ix-kerberos start
root@freenas:~ # service ix-nsswitch start
root@freenas:~ # service ix-kinit start
root@freenas:~ # service ix-kinit status
root@freenas:~ # echo $?
1
root@freenas:~ # klist
Credentials cache: FILE:/tmp/krb5cc_0
		Principal: freenas@PIRES.COM

  Issued				Expires			   Principal
Aug 22 03:27:28 2017  Aug 22 13:27:28 2017  krbtgt/PIRES.COM@PIRES.COM
root@freenas:~ # wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users
root@freenas:~ # wbinfo -twbinfo -t
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret
root@freenas:~ #

 

[dlavigne]

Do you still get an error if you run the last block of commands listed at http://doc.freenas.org/11/directoryservice.html#if-the-system-will-not-join-the-domain?

If so, please create a bug at bugs.freenas.org that includes your system debug (System -> Advanced -> Save Debug) and post the bug number here. Note that the bug will be hidden from others until the dev has a chance to review the debug.

 

[DanPrs]

Code:

PS C:\> ktpass.exe -out hostname.keytab -target w2012@pires.com -ptype KRB5_NT_PRINCIPAL -mapuser pires\adjoin -pass *
ERROR: /out parameter requires a principal name.
	   Specify /princ to provide one.
PS C:\> ktpass.exe -out .\Users hostname.keytab -target w2012@pires.com -ptype KRB5_NT_PRINCIPAL -mapuser pires\adjoin -pass *
unknown option 'hostname.keytab'.

I don't get it. trying to create keytab and I've never used this utility. What is the parameter that it needs? What is the /out parameter that it should have as that is not specified.

 

[dlavigne]

Does this help: https://technet.microsoft.com/en-us/library/cc753771(v=ws.11).aspx ?

There is also a usage example in http://doc.freenas.org/11/directoryservice.html#kerberos-keytabs.