Issue joining FreeNAS to AD

Status
Not open for further replies.

Garyw

Dabbler
Joined
Sep 4, 2011
Messages
45
So I've got a mixed 2008 R2/Windows 2012 R2 domain, the forest level is 2008 R2, and I've got two FreeNAS boxes configured the same way. One works and one doesn't.

On the FreeNAS box that doesn't work (FreeNAS-9.3-STABLE-201512121950) I get this:

net ads status -U administrator
Enter administrator's password:
ads_connect: No logon servers

kinit administrator@gdwnet.com prompts for a password and keeps telling me that my password is wrong. I know it's not because I've triple-checked it and used it on other servers.

DNS is correct, I can ping the domain name and both AD servers so I'm a bit confused as to why this FreeNAS box won't talk to AD.

I've triple-checked NTP and the time on the box is correct.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Post the contents of /etc/local/smb4.conf.
 

Garyw

Dabbler
Joined
Sep 4, 2011
Messages
45
Done.

Code:
[root@store05] /var/log# more /etc/local/smb4.conf
[global]
    server max protocol = SMB2
    encrypt passwords = yes
    dns proxy = no
    strict locking = no
    oplocks = yes
    deadtime = 15
    max log size = 51200
    max open files = 467381
    syslog only = yes
    syslog = 1
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes
    getwd cache = yes
    guest account = nobody
    map to guest = Bad User
    obey pam restrictions = no
    directory name cache size = 0
    kernel change notify = no
    panic action = /usr/local/libexec/samba/samba-backtrace
    nsupdate command = /usr/local/bin/samba-nsupdate -g
    server string = backups and archives
    ea support = yes
    store dos attributes = yes
    lm announce = yes
    unix extensions = no
    acl allow execute always = false
    acl check permissions = true
    dos filemode = yes
    multicast dns register = no
    domain logons = no
    local master = no
    idmap config *: backend = tdb
    idmap config *: range = 20000-100000000
    server role = standalone
    netbios name = STORE05
    workgroup = STORE05-CIFS
    security = user
    pid directory = /var/run/samba
    create mask = 0666
    directory mask = 0777
    client ntlmv2 auth = yes
    dos charset = CP437
    unix charset = UTF-8
    log level = 3


[archive]
    path = /mnt/storage/archive
    printable = no
    veto files = /.snapshot/.windows/.mac/.zfs/
    writeable = yes
    browseable = yes
    vfs objects = zfs_space zfsacl aio_pthread streams_xattr
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = true
    zfsacl:acesort = dontcare


[backupexec]
    path = /mnt/storage/backupexec
    printable = no
    veto files = /.snapshot/.windows/.mac/.zfs/
    writeable = yes
    browseable = yes
    vfs objects = zfs_space zfsacl aio_pthread streams_xattr
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = true
    zfsacl:acesort = dontcare


[pc]
    path = /mnt/storage/pc
    printable = no
    veto files = /.snapshot/.windows/.mac/.zfs/
    writeable = yes
    browseable = yes
    vfs objects = zfs_space zfsacl aio_pthread streams_xattr
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = true
    zfsacl:acesort = dontcare


[veeam]
    path = /mnt/storage/veeam
    printable = no
    veto files = /.snapshot/.windows/.mac/.zfs/
    writeable = yes
    browseable = yes
    vfs objects = zfs_space zfsacl aio_pthread streams_xattr
    hide dot files = yes
    guest ok = no
    nfs4:mode = special
    nfs4:acedup = merge
    nfs4:chown = true
    zfsacl:acesort = dontcare
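
An added example (not part of the thread, and not FreeNAS or Samba code): a check of the [global] section for the settings a Samba Active Directory member needs, run on a constructed excerpt that reuses values from the smb4.conf posted above. The function names are hypothetical.

```python
# Added example: checks a Samba [global] section for AD-member settings.
# SAMPLE is a constructed excerpt using values from the posted smb4.conf.
SAMPLE = """\
[global]
    server role = standalone
    netbios name = STORE05
    workgroup = STORE05-CIFS
    security = user
    idmap config *: backend = tdb

[archive]
    path = /mnt/storage/archive
"""

def parse_global(text):
    """Return the [global] parameters as a dict with normalised keys."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace inside parameter names.
            params["".join(key.lower().split())] = value.strip()
    return params

def ad_member_findings(params):
    """List the reasons this config does not describe an AD domain member."""
    findings = []
    security = params.get("security", "auto").lower()
    if security != "ads":
        findings.append(f"security = {security} (AD member needs 'ads')")
    if not params.get("realm"):
        findings.append("realm is not set (Kerberos realm of the domain)")
    role = params.get("serverrole", "auto").lower()
    if role not in ("auto", "member server", "member"):
        findings.append(f"server role = {role} (expected 'member server')")
    return findings

if __name__ == "__main__":
    for finding in ad_member_findings(parse_global(SAMPLE)):
        print("NOT AD MEMBER:", finding)
```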
 

dlavigne

Guest
Were you able to make any progress with this? If not, does upgrading to this week's software update make any difference?
 

Garyw

Dabbler
Joined
Sep 4, 2011
Messages
45
I've done a full upgrade and I still have the same issues. This is in the logs:


Jan 24 10:50:30 store05 winbindd[95361]: initialize_winbindd_cache: clearing cache and re-creating with version number 2
Jan 24 10:50:30 store05 winbindd[95361]: [2016/01/24 10:50:30.589762, 0] ../lib/util/become_daemon.c:136(daemon_ready)
Jan 24 10:50:30 store05 winbindd[95365]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections[95361]: list trusted domains
Jan 24 10:50:30 store05 ActiveDirectory: /usr/sbin/service ix-kinit forcestop
Jan 24 10:50:31 store05 ActiveDirectory: /usr/sbin/service ix-hostname quietstart

The weird thing is that it starts up AD and works for about a minute and then stops.
 

dlavigne

Guest
Please create a bug report at bugs.freenas.org and post the issue number here. The dev will need the bug report to have an attached debug--you can create that using System -> Advanced -> Save Debug.
 