Freenas 11.2 won't join AD

l@e

Contributor
Joined
Nov 4, 2013
Messages
143
Since doing this, I notice:

1. The Kerberos Realm is now FURRY.LOCAL, whereas before it was / was set to be wse2012r2.furry.local, and KDC, Password Server and Admin Server have nothing defined.
2. I have a previously-defined SMB share which still appears to Windows clients, but which is not defined in the webGUI (e.g. under Sharing), and which I can't get rid of; I've tried detaching the pool etc., which is supposed to destroy all data.
3. I can see the AD accounts listed, in the form (e.g.) "FURRY\freenasadmin" when I edit permissions for a pool / dataset, but these do not appear under "Accounts".
Regarding point 2. Maybe you have them configured as mapped drives or net drives on the client side. You cannot make them disappear by changing the FN conf. Use “net use \\server\share /delete” from cmd.
Regarding point 3. You have to set the rights for these users from the SMB share from any of the clients; just select principal furry domain and not FN. They will not appear as local users on FN. FN will just redirect their SID to the DC to resolve.
 

Furry

Dabbler
Joined
Jan 29, 2019
Messages
18
Regarding point 2. Maybe you have them configured as mapped drives or net drives on the client side. You cannot make them disappear by changing the FN conf. Use “net use \\server\share /delete” from cmd.

No, I haven't mapped any shares at the client; this command produces the response "The network connection could not be found".
 

l@e

Contributor
Joined
Nov 4, 2013
Messages
143
Try “net use * /delete”.
Also check whether any GPO is in place to automount the net resource.
 

Furry

Dabbler
Joined
Jan 29, 2019
Messages
18
Try “net use * /delete”.
Also check whether any GPO is in place to automount the net resource.
"There are no entries in the list".

The share in question allows me to create and delete folders and files within it, which implies that permissions no longer defined (supposedly) by FreeNAS also still apply.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Since doing this, I notice:

1. The Kerberos Realm is now FURRY.LOCAL, whereas before it was / was set to be wse2012r2.furry.local, and KDC, Password Server and Admin Server have nothing defined.
2. I have a previously-defined SMB share which still appears to Windows clients, but which is not defined in the webGUI (e.g. under Sharing), and which I can't get rid of; I've tried detaching the pool etc., which is supposed to destroy all data.
3. I can see the AD accounts listed, in the form (e.g.) "FURRY\freenasadmin" when I edit permissions for a pool / dataset, but these do not appear under "Accounts".

1) It's better not to define those things in the UI.
2) Make sure you've actually removed the share, then review your smb4.conf file to make sure the share is gone, then type "service samba_server restart"
3) You're not supposed to see them there. That menu is for local accounts.
 

Furry

Dabbler
Joined
Jan 29, 2019
Messages
18
1) It's better not to define those things in the UI.

I didn't, originally; it was only because FN itself apparently defined them oddly (e.g. "freenas.furry.local.furry") that I re-defined them myself in the UI - although I accept this might have been the result of me setting or defining some other aspect wrongly elsewhere.
 

Furry

Dabbler
Joined
Jan 29, 2019
Messages
18
2) Make sure you've actually removed the share,

I have, at least in the webGUI - no sign of it in there. Also, this share is persisting across restarts.
 

Furry

Dabbler
Joined
Jan 29, 2019
Messages
18
Turns out it's actually an 'Offline Share', the result of a Windows "Sync Centre" which has somehow appeared and about which I have no knowledge. Doh. Sorry about that. The share does not appear in smb4.conf. Now, if only I could get rid of it in Windows... (I've tried).
 

Furry

Dabbler
Joined
Jan 29, 2019
Messages
18
Another oddity however, with FreeNAS, is that (since I rebooted the Windows client) I can't log on to the webGUI, either as root or another user that I created; "username or password is incorrect".

I've had this before, and had to reset the root password at the console.

Edit(1): Also, other browsers except Chrome, which I've been using so far, won't produce the webGUI at all. SMB shares are accessible, though.
Edit(2): Is this something to do with FreeNAS now being part of AD? I can now connect to freenas via the DC server's Computer Management, see the root and the other account I've set up, and (apparently) 'set password' - do I now need to do that, from the DC server?
 