CDuv
Hello,
TL;DR: A TrueNAS SCALE server won't join an Active Directory domain that has a different name than its own.
Context:
I have a working Samba Domain setup where a Samba 4 (v4.13) server (named "DC1") acts as a Domain Controller for domain "sd.int.company-1.com".
I have 2 TrueNAS servers (a SCALE and a CORE, named "NAS1" and "NAS2") running on the same LAN and members of this domain and working just fine (the Domain users are available in TrueNAS's ACL configuration pages and users authenticate on these TrueNAS servers using their domain credentials).
This is on LAN1 (say 192.168.1.0/24) which is used by Company 1 that also has a DNS domain (not SD/AD) "int.company-1.com" (meaning "domain int.company-1.com" in "/etc/resolv.conf" on Linux computers and in DHCP's configuration)
New stuff I need to do:
I have another LAN: LAN2 (say 192.168.2.0/24), for Company 2's staff, that has no Samba/Windows domain, nor Domain Controller but:
- the staff of Company 2 do have credentials on sd.int.company-1.com (Both company 1 and 2 have separate networks in a mutual building but are kind of sister-companies)
- they need a NAS server running TrueNAS SCALE: say "NAS3"
- their existing DNS domain is "int.company-2.com"
What I did:
- Added DC1 on LAN 2: new NIC, plugged on LAN2's switch, configured a LAN2 IP
- Installed TrueNAS SCALE 23.10.1 on NAS3 (internal FQDN, as returned by "hostname -f": nas3.int.company-2.com), on LAN2
- Can ping DC1 from NAS3 using its LAN2 IP. And vice-versa.
- Configured Active Directory in "Directory Services" with the settings I usually use for this kind of operation:
  - Domain Name: SD.INT.COMPANY-1.COM
  - Domain Account Name: Administrator
  - Domain Account Password: (Password)
  - NetBIOS Name: NAS3
  - Enable (requires password or Kerberos principal): [X] (checked)
  - Verbose Logging: [ ] (unchecked)
  - Allow Trusted Domains: [ ] (unchecked)
  - Use Default Domain: [ ] (unchecked)
  - Allow DNS Updates: [ ] (unchecked)
  - Disable AD User / Group Cache: [ ] (unchecked)
  - Restrict PAM: [ ] (unchecked)
  - Site Name: (empty)
  - Kerberos Realm: (empty)
  - Kerberos Principal: (empty)
  - Computer Account OU: Machines
  - Winbind NSS Info: RFC2307
  - NetBIOS Alias: (empty)
Issue:
Submitting the configuration form fails with:
ads_connect: No logon servers are currently available to service the logon request. Didn't find the ldap server!
I see no related log message/error in "/var/log/messages" even if I check "Verbose Logging".
Questions:
Can what I'm trying to do be done?
What tool(s) can I use to debug the issue and find the root cause?
Since I know that:
- Samba 4 listens on both NIC of DC1 (both LAN1 and LAN2)
- and DC1 can ping and resolve NAS3, and vice-versa
Thanks
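
One check for the DNS side of the join described above, as an added example that is not part of the original post: an AD domain member locates its domain controller through DNS SRV records, so this script lists those names for the realm and tests whether the resolver NAS3 is configured with answers them. The function names and the script name `adcheck.sh` are hypothetical, the sample record in the comment is constructed, and it assumes `dig` is installed on the NAS.

```shell
#!/bin/sh
# Added example (not from the original post): check whether the resolver this
# host uses can locate a domain controller for an AD realm.

# Print the SRV names an AD DC publishes and members look up for realm $1.
srv_names() {
    realm=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    printf '%s\n' \
        "_ldap._tcp.dc._msdcs.$realm" \
        "_ldap._tcp.$realm" \
        "_kerberos._tcp.$realm"
}

# Read `dig +short SRV` output on stdin, one "prio weight port target." per
# line (constructed sample: "0 100 389 dc1.sd.int.company-1.com."), and print
# "target port" per record. Returns 1 when no record was seen.
parse_srv() {
    awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $4, $3; n++ }
         END { exit (n ? 0 : 1) }'
}

# Print the nameserver addresses from a resolv.conf-style file $1.
resolvers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Live check, run on the NAS: sh adcheck.sh --live SD.INT.COMPANY-1.COM
if [ "${1:-}" = "--live" ] && [ -n "${2:-}" ]; then
    echo "resolvers in use: $(resolvers /etc/resolv.conf | tr '\n' ' ')"
    for name in $(srv_names "$2"); do
        if recs=$(dig +short SRV "$name" | parse_srv); then
            echo "OK   $name -> $recs"
        else
            echo "FAIL $name: no SRV record from the configured resolver"
        fi
    done
fi
```

A FAIL line means the resolvers listed in /etc/resolv.conf do not serve the realm's zone; an OK line gives the host and port to test next for reachability over the LAN2 address.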