Hi All,
I'm new to TrueNAS and i'm having issues figuring out how to get AD integration to work. I want to be able to import users/groups from AD and be able to use them for Web UI login, share ACL, etc. but I can't seem to do that.
I followed a bunch of documentation/forums and still having issues.
I managed to get TrueNAS joined to AD (I see the computer in the computer OU).
I ran the following commands:
When I run the following commands (wbinfo -u, wbinfo -g), I see my AD users/groups.
Here are some logs from the
I'm new to TrueNAS and i'm having issues figuring out how to get AD integration to work. I want to be able to import users/groups from AD and be able to use them for Web UI login, share ACL, etc. but I can't seem to do that.
I followed a bunch of documentation/forums and still having issues.
I managed to get TrueNAS joined to AD (I see the computer in the computer OU).
I ran the following commands:
Code:
root@truenas[~]# midclt call activedirectory.get_state HEALTHY root@truenas[~]# midclt call directoryservices.get_state {"activedirectory": "HEALTHY", "ldap": "DISABLED", "nis": "DISABLED"} root@truenas[~]#
When I run the following commands (wbinfo -u, wbinfo -g), I see my AD users/groups.
Here are some logs from the
/var/log/middleware.log
Code:
[2020/11/08 08:36:21] (DEBUG) ActiveDirectoryService.start():606 - Starting Active Directory service for [DOMAIN.COM] [2020/11/08 08:36:21] (DEBUG) EtcService.generate():375 - No new changes for /etc/hosts [2020/11/08 08:36:21] (DEBUG) EtcService.generate():375 - No new changes for /etc/security/pam_winbind.conf [2020/11/08 08:36:21] (DEBUG) ActiveDirectoryService.start():664 - Test join to DOMAIN.COM failed. Performing domain join. [2020/11/08 08:36:23] (DEBUG) ActiveDirectoryService.start():684 - Successfully generated keytab for computer account. Clearing bind credentials [2020/11/08 08:36:23] (DEBUG) EtcService.generate():375 - No new changes for /etc/krb5.conf [2020/11/08 08:36:23] (WARNING) middlewared.plugins.service_.services.base_freebsd.freebsd_service():134 - nmbd forcestop failed with code 1: 'nmbd not running? (check /var/run/samba4/nmbd.pid).\n' [2020/11/08 08:36:24] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/avahi/avahi-daemon.conf [2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/smb4.conf [2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/security/pam_winbind.conf [2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/smb4.conf [2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/security/pam_winbind.conf [2020/11/08 08:36:25] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/smb4_share.conf [2020/11/08 08:36:26] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/avahi/avahi-daemon.conf [2020/11/08 08:36:27] (DEBUG) SMBService.add_admin_group():86 - No cache entry indicating delayed action to add admin_group was found. --- [2020/11/08 08:36:32] (DEBUG) ActiveDirectoryService.start():709 - Successfully started AD service for [DOMAIN.COM]. [2020/11/08 08:36:45] (DEBUG) DSCache.backup():155 - No cache exists for directory service [activedirectory]. [2020/11/08 08:46:03] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'AD1.domain.com', 'port': 389}] [2020/11/08 08:56:03] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'ad2.domain.com', 'port': 389}] [2020/11/08 09:00:55] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/ssh/sshd_config [2020/11/08 09:00:55] (DEBUG) EtcService.generate():375 - No new changes for /etc/pam.d/sshd [2020/11/08 09:00:55] (DEBUG) EtcService.generate():326 - mako:local/users.oath file removed. [2020/11/08 09:00:55] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/avahi/avahi-daemon.conf [2020/11/08 09:00:59] (DEBUG) EtcService.generate():375 - No new changes for /etc/krb5.conf [2020/11/08 09:01:52] (DEBUG) EtcService.generate():375 - No new changes for /etc/krb5.conf [2020/11/08 09:01:52] (DEBUG) EtcService.generate():375 - No new changes for /etc/pam.d/sshd [2020/11/08 09:01:52] (DEBUG) EtcService.generate():326 - mako:local/users.oath file removed. [2020/11/08 09:01:52] (DEBUG) EtcService.generate():375 - No new changes for /etc/local/avahi/avahi-daemon.conf [2020/11/08 09:05:22] (DEBUG) KerberosKeytabService.check_updated_keytab():1130 - Machine account password has changed. Stored copies of kerberos keytab and directory services secrets will now be updated. [2020/11/08 09:06:04] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'ad1.domain.com', 'port': 389}] [2020/11/08 09:16:04] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'AD1.domain.com', 'port': 389}] [2020/11/08 09:16:04] (DEBUG) ActiveDirectoryService.get_n_working_servers():169 - Request for [1] of server type [DOMAINCONTROLLER] returned: [{'host': 'ad2.domain.com', 'port': 389}]