FreeNAS can't join AD, AD_status_domain: Not okay

Status
Not open for further replies.

Shrek000

Cadet
Joined
Feb 15, 2013
Messages
4
1. I installed FreeNAS 8.3.1 RC1 and tried to join it to the AD.
2. Configured AD as per the instructions.
ad.JPG
3. When I turn on the AD service in FreeNAS, the computer account is added in the AD, but the AD service does not start.
4. The file /var/log/messages contains the following messages:
Code:
Mar  1 15:22:49 freenas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py stop cifs
Mar  1 15:22:51 freenas notifier: Stopping dbus.
Mar  1 15:22:51 freenas avahi-daemon[10168]: Disconnected from D-Bus, exiting.
Mar  1 15:22:51 freenas notifier: dbus not running? (check /var/run/dbus/dbus.pid).
Mar  1 15:22:51 freenas notifier: Starting dbus.
Mar  1 15:22:51 freenas notifier: Stopping avahi-daemon.
Mar  1 15:22:51 freenas notifier: Failed to kill daemon: No such file or directory
Mar  1 15:22:51 freenas notifier: Stopping avahi-daemon.
Mar  1 15:22:51 freenas notifier: Failed to kill daemon: No such file or directory
Mar  1 15:22:51 freenas notifier: Starting avahi-daemon.
Mar  1 15:22:51 freenas avahi-daemon[14756]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Mar  1 15:22:51 freenas notifier: Stopping winbindd.
Mar  1 15:22:51 freenas notifier: Waiting for PIDS: 12121.
Mar  1 15:22:51 freenas notifier: Stopping smbd.
Mar  1 15:22:51 freenas notifier: Stopping nmbd.
Mar  1 15:22:51 freenas notifier: Waiting for PIDS: 12111.
Mar  1 15:22:51 freenas notifier: False
Mar  1 15:22:51 freenas ActiveDirectory: /usr/sbin/service ix-kerberos quietstart
Mar  1 15:22:51 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Mar  1 15:22:51 freenas ActiveDirectory: generate_krb5_conf: krbhost=pdc.elkabank.local, kpwdhost=pdc.elkabank.local, domainname=elkabank.local
Mar  1 15:22:51 freenas ActiveDirectory: /usr/sbin/service ix-nsswitch quietstart
Mar  1 15:22:51 freenas ActiveDirectory: /usr/sbin/service ix-pam quietstart
Mar  1 15:22:51 freenas ActiveDirectory: /usr/sbin/service ix-kinit quietstart
Mar  1 15:22:51 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Mar  1 15:22:52 freenas ActiveDirectory: kerberos_start: kinit --password-file=/tmp/tmp.Df6f68gF marininpa@ELKABANK.LOCAL
Mar  1 15:22:52 freenas ActiveDirectory: kerberos_start: Successful
Mar  1 15:23:02 freenas ActiveDirectory: /usr/sbin/service ix-kinit status
Mar  1 15:23:02 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Mar  1 15:23:02 freenas ActiveDirectory: kerberos_status: klist -l | grep -q ^marininpa@ELKABANK.LOCAL
Mar  1 15:23:02 freenas ActiveDirectory: kerberos_status: Successful
Mar  1 15:23:02 freenas ActiveDirectory: /usr/sbin/service ix-samba quietstart
Mar  1 15:23:02 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Mar  1 15:23:02 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Mar  1 15:23:02 freenas ActiveDirectory: generate_smb_config: checking testparm issues
Mar  1 15:23:02 freenas ActiveDirectory: generate_smb_config: testparm: Load smb config files from /usr/local/etc/smb.conf
Mar  1 15:23:02 freenas ActiveDirectory: generate_smb_config: testparm: max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
Mar  1 15:23:02 freenas ActiveDirectory: generate_smb_config: testparm: rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
Mar  1 15:23:02 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap uid" option is deprecated
Mar  1 15:23:02 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap gid" option is deprecated
Mar  1 15:23:02 freenas ActiveDirectory: generate_smb_config: testparm: Loaded services file OK.
Mar  1 15:23:02 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter.
Mar  1 15:23:02 freenas ActiveDirectory: generate_smb_config: testparm: (by default Samba will discover the correct DC to contact automatically).
Mar  1 15:23:02 freenas ActiveDirectory: generate_smb_config: testparm: Server role: ROLE_DOMAIN_MEMBER
Mar  1 15:23:02 freenas ActiveDirectory: generate_smb_config: testparm: Press enter to see a dump of your service definitions
Mar  1 15:23:02 freenas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
Mar  1 15:23:03 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Mar  1 15:23:03 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Mar  1 15:23:03 freenas ActiveDirectory: generate_smb_config: checking testparm issues
Mar  1 15:23:03 freenas ActiveDirectory: generate_smb_config: testparm: Load smb config files from /usr/local/etc/smb.conf
Mar  1 15:23:03 freenas ActiveDirectory: generate_smb_config: testparm: max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
Mar  1 15:23:03 freenas ActiveDirectory: generate_smb_config: testparm: rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
Mar  1 15:23:03 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap uid" option is deprecated
Mar  1 15:23:03 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap gid" option is deprecated
Mar  1 15:23:03 freenas ActiveDirectory: generate_smb_config: testparm: Loaded services file OK.
Mar  1 15:23:03 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter.
Mar  1 15:23:03 freenas ActiveDirectory: generate_smb_config: testparm: (by default Samba will discover the correct DC to contact automatically).
Mar  1 15:23:03 freenas ActiveDirectory: generate_smb_config: testparm: Server role: ROLE_DOMAIN_MEMBER
Mar  1 15:23:03 freenas ActiveDirectory: generate_smb_config: testparm: Press enter to see a dump of your service definitions
Mar  1 15:23:03 freenas notifier: dbus already running? (pid=14731).
Mar  1 15:23:03 freenas notifier: Starting avahi-daemon.
Mar  1 15:23:03 freenas notifier: Daemon already running on PID 14756
Mar  1 15:23:04 freenas notifier: Removing stale Samba tdb files: ...... done
Mar  1 15:23:04 freenas notifier: Starting nmbd.
Mar  1 15:23:04 freenas notifier: Starting smbd.
Mar  1 15:23:04 freenas notifier: Starting winbindd.
Mar  1 15:23:04 freenas notifier: True
Mar  1 15:23:04 freenas ActiveDirectory: /usr/sbin/service ix-activedirectory quietstart
Mar  1 15:23:04 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Mar  1 15:23:04 freenas ActiveDirectory: activedirectory_start: trying to join domain
Mar  1 15:23:04 freenas ActiveDirectory: AD_join_domain: net ads join -U marininpa
Mar  1 15:23:06 freenas notifier: Using short domain name -- ELKABANK
Mar  1 15:23:06 freenas notifier: Joined 'FREENAS' to dns domain 'elkabank.local'
Mar  1 15:23:07 freenas ActiveDirectory: AD_join_domain: Successful
Mar  1 15:23:07 freenas notifier: umount: unmount of /var/tmp/.cache failed: Device busy
Mar  1 15:23:07 freenas ActiveDirectory: /usr/sbin/service ix-activedirectory status
Mar  1 15:23:07 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Mar  1 15:23:07 freenas ActiveDirectory: activedirectory_status: checking status
Mar  1 15:23:07 freenas ActiveDirectory: AD_status_domain: net ads status -U marininpa
Mar  1 15:23:17 freenas ActiveDirectory: AD_status_domain: Not okay


5. When I try to run the command by hand, I get the following message:
# net ads status -U marininpa
Code:
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: freenas
distinguishedName: CN=freenas,CN=Computers,DC=elkabank,DC=local
instanceType: 4
whenCreated: 20130301103033.0Z
whenChanged: 20130301112309.0Z
uSNCreated: 34622093
uSNChanged: 34622484
name: freenas
objectGUID: 067faa31-da20-4d19-b34a-718e57ff4640
userAccountControl: 69632
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 130066106441406250
localPolicyFlags: 0
pwdLastSet: 130066105895468750
primaryGroupID: 515
objectSid: S-1-5-21-935624729-4147418335-2336181117-2011
accountExpires: 9223372036854775807
logonCount: 8
sAMAccountName: freenas$
sAMAccountType: 805306369
dNSHostName: localhost.my.domain
servicePrincipalName: HOST/localhost.my.domain
servicePrincipalName: HOST/FREENAS
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=elkabank,DC=local
isCriticalSystemObject: FALSE
.....and more...


6. The /etc/hosts file contains:
Code:
# Host Database
#
# This file should contain the addresses and aliases for local hosts that
# share this file.  Replace 'my.domain' below with the domainname of your
# machine.
#
# In the presence of the domain name service or NIS, this file may
# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
#
#
::1                     localhost localhost.my.domain freenas freenas.local
127.0.0.1               localhost localhost.my.domain freenas freenas.local
#
# Imaginary network.
#10.0.0.2               myname.my.domain myname
#10.0.0.3               myfriend.my.domain myfriend
#
# According to RFC 1918, you can use the following IP networks for
# private nets which will never be connected to the Internet:
#
#       10.0.0.0        -   10.255.255.255
#       172.16.0.0      -   172.31.255.255
#       192.168.0.0     -   192.168.255.255
#
# In case you want to be able to connect to the Internet, you need
# real official assigned numbers.  Do not try to invent your own network
# numbers but instead get one from your network provider (if any) or
# from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.)
#
127.0.0.1       freenas freenas.elkabank.local
192.168.0.251 pdc.elkabank.local pdc


7. The command wbinfo -u displays the AD users.
8. The command wbinfo -g displays the AD groups.

What am I doing wrong?
 

Shrek000

Thanks, the service started when I corrected line 123 (: ${AD_DNS_TIMEOUT:="60"}) in the file /etc/rc.freenas!
But after a reboot of the FreeNAS server, the value in the file /etc/rc.freenas was restored to the previous value, and the settings in the Active Directory service do not affect the values of line 123. Is this normal?

Values in the section of the Active Directory service
ad.JPG

The value in the file /etc/rc.freenas
Code:
: ${AD_NET_ADS_TIMEOUT:="10"}
: ${AD_DNS_TIMEOUT:="10"}
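Added example, not part of the original posts or of FreeNAS: in the log from the first post, `net ads status` is launched at 15:23:07 and reported "Not okay" at 15:23:17, exactly the 10 seconds of the defaults quoted above. The script below measures that gap for every `net ads` step in such a log; the sample lines are constructed in the thread's log format, and the function name `ad_step_durations` and its verdict labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sample in the same syslog format as the thread's log
# (user name replaced with a placeholder).
SAMPLE_LOG='Mar  1 15:23:04 freenas ActiveDirectory: AD_join_domain: net ads join -U exampleuser
Mar  1 15:23:06 freenas notifier: Using short domain name -- EXAMPLE
Mar  1 15:23:07 freenas ActiveDirectory: AD_join_domain: Successful
Mar  1 15:23:07 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
Mar  1 15:23:07 freenas ActiveDirectory: AD_status_domain: net ads status -U exampleuser
Mar  1 15:23:17 freenas ActiveDirectory: AD_status_domain: Not okay'

# ad_step_durations [limit_seconds]
# Reads syslog lines on stdin. Each "<step>: net ads ..." line is paired with
# the next result line logged for the same step, and one line is printed:
#   <step> <elapsed_seconds> <result> <verdict>
# A failure whose elapsed time reaches the limit is labelled likely_timeout
# (an inference from timing, not something the log states); a quicker
# failure is labelled failed_fast.
ad_step_durations() {
    limit="${1:-10}"
    awk -v limit="$limit" '
    function secs(t,  p) { split(t, p, ":"); return p[1] * 3600 + p[2] * 60 + p[3] }
    {
        # Fields: month day HH:MM:SS host tag step: message...
        if ($5 != "ActiveDirectory:") next
        step = $6
        sub(/:$/, "", step)
        if ($7 == "net" && $8 == "ads") { started[step] = secs($3); next }
        if (!(step in started)) next
        result = $7
        for (i = 8; i <= NF; i++) result = result "_" $i
        d = secs($3) - started[step]
        if (d < 0) d += 86400    # the step ran across midnight
        verdict = (result == "Successful") ? "completed" : ((d >= limit) ? "likely_timeout" : "failed_fast")
        print step, d, result, verdict
        delete started[step]
    }'
}

# Stand-alone run against the constructed sample with the 10-second default.
printf '%s\n' "$SAMPLE_LOG" | ad_step_durations 10
```

To check a real system, feed it the log instead: `ad_step_durations 10 < /var/log/messages`.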
 

James

Guest
If the change was from the command line, this is expected behavior. If the change was only made in the GUI, it is a bug. Can you confirm how the change was made?
 

Shrek000

At first the changes were made via the GUI, but this did not bring any result and did not alter the contents of the file /etc/rc.freenas. Then a change was made through the command line, after which the service ran.
 

James

Guest
The developer notes:

Here is the code block used:

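# Use the timeout returned by AD_get, if one was set.
timeout=$(AD_get timeout)
if [ -z "${timeout}" ]
then
    # Nothing set: fall back to the AD_NET_ADS_TIMEOUT default.
    timeout="${AD_NET_ADS_TIMEOUT}"
    AD_set timeout "${timeout}"
fi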

So, if a timeout is specified in the GUI (AD_get will return a non-null value if it was set), it is used; otherwise, $AD_NET_ADS_TIMEOUT is used. Either way, the value is never written to /etc/rc.freenas.

Bottom line: if it is configured in the GUI, it survives a reboot. Otherwise, it does not.
 