andrewjones216
Dabbler
- Joined
- Jun 7, 2016
- Messages
- 20
Hi all,
We recently changed our FreeNAS box to point to a different DC and GC for Active Directory as we are decommissioning one of our AD servers. The new server was added, FreeNAS rebooted and the cache rebuilt.
"CWM-DC-01" is the name of our new server.
"CDC01" is the name of the old server.
However, when we turn off the old DC "CDC01", it appears that FreeNAS still tries to connect to it. Here's the debug output from FreeNAS for Active Directory. As you can see, it still references the old server. Any ideas would be welcome:
Code:
+--------------------------------------------------------------------------------+
+ Active Directory Status +
+--------------------------------------------------------------------------------+
Active Directory is ENABLED
+--------------------------------------------------------------------------------+
+ Active Directory Settings +
+--------------------------------------------------------------------------------+
Domain: xxx.xxx.xxx
Workgroup: CNAS04
Bind name: du_bigyellow
UNIX extensions: 0
Trusted domains: 1
SSL: off
Timeout: 2000
DNS Timeout: 2000
Domain controller: cwm-dc-01.xxx.xxx.xxx
Global Catalog Server: cwm-dc-01.xxx.xxx.xxx
+--------------------------------------------------------------------------------+
+ /etc/krb5.conf +
+--------------------------------------------------------------------------------+
[appdefaults]
pam = {
forwardable = true
ticket_lifetime = 86400
renew_lifetime = 86400
}
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
clockskew = 300
forwardable = yes
[domain_realm]
xxx.xxx.xxx = XXX.XXX.XXX
.xxx.xxx.xxx = XXX.XXX.XXX
XXX.XXX.XXX = XXX.XXX.XXX
.XXX.XXX.XXX = XXX.XXX.XXX
[realms]
XXX.XXX.XXX = {
kdc = cwm-dc-01.xxx.xxx.xxx:88
admin_server = cwm-dc-01.xxx.xxx.xxx:88
kpasswd_server = cwm-dc-01.xxx.xxx.xxx:464
default_domain = XXX.XXX.XXX
}
[logging]
default = SYSLOG:INFO:LOCAL7
+--------------------------------------------------------------------------------+
+ /etc/nsswitch.conf +
+--------------------------------------------------------------------------------+
services: files
rpc: files
group: files winbind
shells: files
passwd: files winbind
hosts: files mdns dns
sudoers: files
xxxworks: files
protocols: files
+--------------------------------------------------------------------------------+
+ /usr/local/etc/smb4.conf +
+--------------------------------------------------------------------------------+
[global]
server max protocol = SMB3_00
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 2829440
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = guest
map to guest = Bad User
obey pam restrictions = yes
directory name cache size = 0
kernel change notify = no
dfree command = /usr/local/libexec/samba/dfree
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
lm announce = yes
hostname lookups = yes
acl allow execute always = true
acl check permissions = true
dos filemode = yes
multicast dns register = yes
domain logons = no
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = member server
xxxbios name = CNAS04
workgroup = XXX
realm = XXX.XXX.XXX
security = ADS
client use spnego = yes
cache directory = /var/tmp/.cache/.samba
local master = no
domain master = no
preferred master = no
winbind cache time = 7200
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
idmap config XXX: backend = rid
idmap config XXX: range = 20000-90000000
allow trusted domains = yes
client ldap sasl wrapping = plain
template shell = /bin/sh
template homedir = /home/%U
pid directory = /var/run/samba
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 3
+--------------------------------------------------------------------------------+
+ Kerberos Tickets +
+--------------------------------------------------------------------------------+
Credentials cache: FILE:/tmp/krb5cc_0
Principal: du_bigyellow@XXX.XXX.XXX
Issued Expires Principal
Jul 20 15:30:00 >>>Expired<<< krbtgt/XXX.XXX.XXX@XXX.XXX.XXX
+--------------------------------------------------------------------------------+
+ /usr/local/etc/sssd/sssd.conf +
+--------------------------------------------------------------------------------+
[sssd]
config_file_version = 2
full_name_format = %2$s\%1$s
re_expression = (((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))
services = nss,pam
[nss]
[pam]
+--------------------------------------------------------------------------------+
+ /etc/directoryservice/ActiveDirectory/config +
+--------------------------------------------------------------------------------+
ad_bindname=du_bigyellow
ad_domainname=xxx.xxx.xxx
ad_xxxbiosname=XXX
ad_basedn=DC=xxx,DC=xxx,DC=xxx
ad_binddn=du_bigyellow@XXX.XXX.XXX
ad_site=Default-First-Site-Name
ad_dcname=cdc01.xxx.xxx.xxx:389
ad_dchost=cdc01.xxx.xxx.xxx
ad_dcport=389
ad_gcname=cdc01.xxx.xxx.xxx:3268
ad_gchost=cdc01.xxx.xxx.xxx
ad_gcport=3268
ad_krbname=cwm-dc-01.xxx.xxx.xxx:88
ad_krbhost=cwm-dc-01.xxx.xxx.xxx
ad_krbport=88
ad_kpwdname=cwm-dc-01.xxx.xxx.xxx:464
ad_kpwdhost=cwm-dc-01.xxx.xxx.xxx
ad_kpwdport=464
ad_krb_realm=XXX.XXX.XXX
ad_keytab_name=
ad_keytab_principal=
ad_keytab_file=
ad_timeout=2000
ad_dns_timeout=2000
ad_certfile=
ad_ssl=off
ad_unix_extensions=0
+--------------------------------------------------------------------------------+
+ adtool get config_file +
+--------------------------------------------------------------------------------+
ad_bindname=du_bigyellow
ad_domainname=xxx.xxx.xxx
ad_xxxbiosname=XXX
ad_basedn=DC=xxx,DC=xxx,DC=xxx
ad_binddn=du_bigyellow@XXX.XXX.XXX
ad_site=Default-First-Site-Name
ad_dcname=cdc01.xxx.xxx.xxx:389
ad_dchost=cdc01.xxx.xxx.xxx
ad_dcport=389
ad_gcname=cdc01.xxx.xxx.xxx:3268
ad_gchost=cdc01.xxx.xxx.xxx
ad_gcport=3268
ad_krbname=cwm-dc-01.xxx.xxx.xxx:88
ad_krbhost=cwm-dc-01.xxx.xxx.xxx
ad_krbport=88
ad_kpwdname=cwm-dc-01.xxx.xxx.xxx:464
ad_kpwdhost=cwm-dc-01.xxx.xxx.xxx
ad_kpwdport=464
ad_krb_realm=XXX.XXX.XXX
ad_keytab_name=
ad_keytab_principal=
ad_keytab_file=
ad_timeout=2000
ad_dns_timeout=2000
ad_certfile=
ad_ssl=off
ad_unix_extensions=0
+--------------------------------------------------------------------------------+
+ Active Directory Domain Info +
+--------------------------------------------------------------------------------+
Environment LOGNAME is not defined. Trying anonymous access.
LDAP server: 10.1.10.53
LDAP server name: cdc01.xxx.xxx.xxx
Realm: XXX.XXX.XXX
Bind Path: dc=XXX,dc=UCPG,dc=NET
LDAP port: 389
Server time: Thu, 30 Jul 2020 18:12:01 BST
KDC server: 10.1.10.53
Server time offset: 0
+--------------------------------------------------------------------------------+
+ Active Directory Domain Status +
+--------------------------------------------------------------------------------+
Environment LOGNAME is not defined. Trying anonymous access.
Enter administrator's password:Enter administrator's password:
+--------------------------------------------------------------------------------+
+ Active Directory Trust Secret +
+--------------------------------------------------------------------------------+
checking the trust secret for domain XXX via RPC calls succeeded
+--------------------------------------------------------------------------------+
+ Active Directory NETLOGON connection +
+--------------------------------------------------------------------------------+
checking the NETLOGON dc connection to "cdc01.xxx.xxx.xxx" succeeded
+--------------------------------------------------------------------------------+
+ Active Directory trusted domains +
+--------------------------------------------------------------------------------+
BUILTIN
CNAS04
XXX
+--------------------------------------------------------------------------------+
+ Active Directory all domains +
+--------------------------------------------------------------------------------+
BUILTIN
CNAS04
XXX
+--------------------------------------------------------------------------------+
+ Active Directory own domain +
+--------------------------------------------------------------------------------+
XXX
+--------------------------------------------------------------------------------+
+ Active Directory online status +
+--------------------------------------------------------------------------------+
BUILTIN : online
CNAS04 : online
XXX : online
+--------------------------------------------------------------------------------+
+ Active Directory domain info +
+--------------------------------------------------------------------------------+
Name : XXX
Alt_Name : xxx.xxx.xxx
SID : S-1-5-21-2061321246-3148851292-2459642145
Active Directory : Yes
Native : Yes
Primary : Yes
+--------------------------------------------------------------------------------+
+ Active Directory DC name +
+--------------------------------------------------------------------------------+
CWM-DC-01.xxx.xxx.xxx
\\10.1.11.51
1
1dea8c91-569b-4277-8bd7-5b46818d03fc
xxx.xxx.xxx
xxx.xxx.xxx
0xe001f1fc
Default-First-Site-Name
Default-First-Site-Name
+--------------------------------------------------------------------------------+
+ Active Directory DC info +
+--------------------------------------------------------------------------------+
cdc01.xxx.xxx.xxx (10.1.10.53)
Cheers
Andrew
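The dump above is long, and the interesting detail (the GUI settings name cwm-dc-01 while the cached /etc/directoryservice/ActiveDirectory/config and the NETLOGON check still name cdc01) is easy to miss by eye. As an added example, not code from the original post or from FreeNAS, here is a small Python script that splits a FreeNAS AD debug dump into its banner-delimited sections and reports which sections still refer to the old DC. The sample dump and the example.test domain are constructed to mirror the structure of the output above; the section titles and the ad_*host keys are the ones that appear in it.

```python
import re
from collections import OrderedDict

# Banner rows look like "+ Active Directory Settings +"; rule rows look like "+----+".
_BANNER = re.compile(r"^\+\s+(.*?)\s+\+$")
_RULE = re.compile(r"^\+-+\+$")

# Constructed sample dump shaped like the FreeNAS AD debug output (example.test is a placeholder domain).
SAMPLE_DUMP = """\
+--------------------------------+
+ Active Directory Settings +
+--------------------------------+
Domain controller: cwm-dc-01.example.test
Global Catalog Server: cwm-dc-01.example.test
+--------------------------------+
+ /etc/krb5.conf +
+--------------------------------+
kdc = cwm-dc-01.example.test:88
+--------------------------------+
+ /etc/directoryservice/ActiveDirectory/config +
+--------------------------------+
ad_dcname=cdc01.example.test:389
ad_dchost=cdc01.example.test
ad_gchost=cdc01.example.test
ad_krbhost=cwm-dc-01.example.test
+--------------------------------+
+ Active Directory NETLOGON connection +
+--------------------------------+
checking the NETLOGON dc connection to "cdc01.example.test" succeeded
+--------------------------------+
+ Active Directory DC name +
+--------------------------------+
CWM-DC-01.example.test
"""


def parse_sections(text):
    """Split the dump into an ordered {section title: [content lines]} map."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or _RULE.match(line):
            continue  # blank line or +----+ rule row
        banner = _BANNER.match(line)
        if banner:
            current = banner.group(1)
            sections.setdefault(current, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def sections_mentioning(sections, host):
    """Titles of the sections whose content mentions `host` (case-insensitive)."""
    needle = host.lower()
    return [title for title, lines in sections.items()
            if any(needle in line.lower() for line in lines)]


def config_hosts(sections, section="/etc/directoryservice/ActiveDirectory/config"):
    """Pull the ad_*host= values out of the cached AD config section."""
    hosts = {}
    for line in sections.get(section, []):
        key, sep, value = line.partition("=")
        if sep and key.startswith("ad_") and key.endswith("host"):
            hosts[key] = value
    return hosts


def stale_dc_report(text, old_dc, new_dc):
    """Summarise which sections and which cached config keys still point at old_dc."""
    sections = parse_sections(text)
    hosts = config_hosts(sections)
    return {
        "old_dc_sections": sections_mentioning(sections, old_dc),
        "new_dc_sections": sections_mentioning(sections, new_dc),
        "config_keys_on_old_dc": sorted(k for k, v in hosts.items()
                                        if v.lower() == old_dc.lower()),
        "still_stale": bool(sections_mentioning(sections, old_dc)),
    }


if __name__ == "__main__":
    # Run against a real dump with: python3 this_script.py < ad_debug.txt (hostnames adjusted)
    report = stale_dc_report(SAMPLE_DUMP, "cdc01.example.test", "cwm-dc-01.example.test")
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the constructed sample the report flags the cached config section and the NETLOGON check as still naming the old DC, and lists ad_dchost and ad_gchost as the config keys that disagree with the GUI setting; that is the same pattern visible in the real dump above, where only the Kerberos and kpasswd entries were updated.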