andrewjones216 (Dabbler, joined Jun 7, 2016, 20 messages)
Hi all,
We recently changed our FreeNAS box to point to a different DC and GC for Active Directory as we are decommissioning one of our AD servers. The new server was added, FreeNAS rebooted and the cache rebuilt.
"CWM-DC-01" is the name of our new server.
"CDC01" is the name of the old server.
However, when we turn off the old DC "CDC01", it appears that FreeNAS still tries to connect to it. Here's the debug output from FreeNAS for Active Directory; as you can see, it still references the old server. Any ideas would be welcome:
Code:
+--------------------------------------------------------------------------------+
+ Active Directory Status +
+--------------------------------------------------------------------------------+
Active Directory is ENABLED
+--------------------------------------------------------------------------------+
+ Active Directory Settings +
+--------------------------------------------------------------------------------+
Domain: xxx.xxx.xxx
Workgroup: CNAS04
Bind name: du_bigyellow
UNIX extensions: 0
Trusted domains: 1
SSL: off
Timeout: 2000
DNS Timeout: 2000
Domain controller: cwm-dc-01.xxx.xxx.xxx
Global Catalog Server: cwm-dc-01.xxx.xxx.xxx
+--------------------------------------------------------------------------------+
+ /etc/krb5.conf +
+--------------------------------------------------------------------------------+
[appdefaults]
pam = {
forwardable = true
ticket_lifetime = 86400
renew_lifetime = 86400
}
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
clockskew = 300
forwardable = yes
[domain_realm]
xxx.xxx.xxx = XXX.XXX.XXX
.xxx.xxx.xxx = XXX.XXX.XXX
XXX.XXX.XXX = XXX.XXX.XXX
.XXX.XXX.XXX = XXX.XXX.XXX
[realms]
XXX.XXX.XXX = {
kdc = cwm-dc-01.xxx.xxx.xxx:88
admin_server = cwm-dc-01.xxx.xxx.xxx:88
kpasswd_server = cwm-dc-01.xxx.xxx.xxx:464
default_domain = XXX.XXX.XXX
}
[logging]
default = SYSLOG:INFO:LOCAL7
+--------------------------------------------------------------------------------+
+ /etc/nsswitch.conf +
+--------------------------------------------------------------------------------+
services: files
rpc: files
group: files winbind
shells: files
passwd: files winbind
hosts: files mdns dns
sudoers: files
networks: files
protocols: files
+--------------------------------------------------------------------------------+
+ /usr/local/etc/smb4.conf +
+--------------------------------------------------------------------------------+
[global]
server max protocol = SMB3_00
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 2829440
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = guest
map to guest = Bad User
obey pam restrictions = yes
directory name cache size = 0
kernel change notify = no
dfree command = /usr/local/libexec/samba/dfree
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = FreeNAS Server
ea support = yes
store dos attributes = yes
lm announce = yes
hostname lookups = yes
acl allow execute always = true
acl check permissions = true
dos filemode = yes
multicast dns register = yes
domain logons = no
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = member server
netbios name = CNAS04
workgroup = XXX
realm = XXX.XXX.XXX
security = ADS
client use spnego = yes
cache directory = /var/tmp/.cache/.samba
local master = no
domain master = no
preferred master = no
winbind cache time = 7200
winbind offline logon = yes
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
idmap config XXX: backend = rid
idmap config XXX: range = 20000-90000000
allow trusted domains = yes
client ldap sasl wrapping = plain
template shell = /bin/sh
template homedir = /home/%U
pid directory = /var/run/samba
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 3
+--------------------------------------------------------------------------------+
+ Kerberos Tickets +
+--------------------------------------------------------------------------------+
Credentials cache: FILE:/tmp/krb5cc_0
Principal: du_bigyellow@XXX.XXX.XXX
Issued Expires Principal
Jul 20 15:30:00 >>>Expired<<< krbtgt/XXX.XXX.XXX@XXX.XXX.XXX
+--------------------------------------------------------------------------------+
+ /usr/local/etc/sssd/sssd.conf +
+--------------------------------------------------------------------------------+
[sssd]
config_file_version = 2
full_name_format = %2$s\%1$s
re_expression = (((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))
services = nss,pam
[nss]
[pam]
+--------------------------------------------------------------------------------+
+ /etc/directoryservice/ActiveDirectory/config +
+--------------------------------------------------------------------------------+
ad_bindname=du_bigyellow
ad_domainname=xxx.xxx.xxx
ad_netbiosname=XXX
ad_basedn=DC=xxx,DC=xxx,DC=xxx
ad_binddn=du_bigyellow@XXX.XXX.XXX
ad_site=Default-First-Site-Name
ad_dcname=cdc01.xxx.xxx.xxx:389
ad_dchost=cdc01.xxx.xxx.xxx
ad_dcport=389
ad_gcname=cdc01.xxx.xxx.xxx:3268
ad_gchost=cdc01.xxx.xxx.xxx
ad_gcport=3268
ad_krbname=cwm-dc-01.xxx.xxx.xxx:88
ad_krbhost=cwm-dc-01.xxx.xxx.xxx
ad_krbport=88
ad_kpwdname=cwm-dc-01.xxx.xxx.xxx:464
ad_kpwdhost=cwm-dc-01.xxx.xxx.xxx
ad_kpwdport=464
ad_krb_realm=XXX.XXX.XXX
ad_keytab_name=
ad_keytab_principal=
ad_keytab_file=
ad_timeout=2000
ad_dns_timeout=2000
ad_certfile=
ad_ssl=off
ad_unix_extensions=0
+--------------------------------------------------------------------------------+
+ adtool get config_file +
+--------------------------------------------------------------------------------+
ad_bindname=du_bigyellow
ad_domainname=xxx.xxx.xxx
ad_netbiosname=XXX
ad_basedn=DC=xxx,DC=xxx,DC=xxx
ad_binddn=du_bigyellow@XXX.XXX.XXX
ad_site=Default-First-Site-Name
ad_dcname=cdc01.xxx.xxx.xxx:389
ad_dchost=cdc01.xxx.xxx.xxx
ad_dcport=389
ad_gcname=cdc01.xxx.xxx.xxx:3268
ad_gchost=cdc01.xxx.xxx.xxx
ad_gcport=3268
ad_krbname=cwm-dc-01.xxx.xxx.xxx:88
ad_krbhost=cwm-dc-01.xxx.xxx.xxx
ad_krbport=88
ad_kpwdname=cwm-dc-01.xxx.xxx.xxx:464
ad_kpwdhost=cwm-dc-01.xxx.xxx.xxx
ad_kpwdport=464
ad_krb_realm=XXX.XXX.XXX
ad_keytab_name=
ad_keytab_principal=
ad_keytab_file=
ad_timeout=2000
ad_dns_timeout=2000
ad_certfile=
ad_ssl=off
ad_unix_extensions=0
+--------------------------------------------------------------------------------+
+ Active Directory Domain Info +
+--------------------------------------------------------------------------------+
Environment LOGNAME is not defined. Trying anonymous access.
LDAP server: 10.1.10.53
LDAP server name: cdc01.xxx.xxx.xxx
Realm: XXX.XXX.XXX
Bind Path: dc=XXX,dc=UCPG,dc=NET
LDAP port: 389
Server time: Thu, 30 Jul 2020 18:12:01 BST
KDC server: 10.1.10.53
Server time offset: 0
+--------------------------------------------------------------------------------+
+ Active Directory Domain Status +
+--------------------------------------------------------------------------------+
Environment LOGNAME is not defined. Trying anonymous access.
Enter administrator's password:Enter administrator's password:
+--------------------------------------------------------------------------------+
+ Active Directory Trust Secret +
+--------------------------------------------------------------------------------+
checking the trust secret for domain XXX via RPC calls succeeded
+--------------------------------------------------------------------------------+
+ Active Directory NETLOGON connection +
+--------------------------------------------------------------------------------+
checking the NETLOGON dc connection to "cdc01.xxx.xxx.xxx" succeeded
+--------------------------------------------------------------------------------+
+ Active Directory trusted domains +
+--------------------------------------------------------------------------------+
BUILTIN
CNAS04
XXX
+--------------------------------------------------------------------------------+
+ Active Directory all domains +
+--------------------------------------------------------------------------------+
BUILTIN
CNAS04
XXX
+--------------------------------------------------------------------------------+
+ Active Directory own domain +
+--------------------------------------------------------------------------------+
XXX
+--------------------------------------------------------------------------------+
+ Active Directory online status +
+--------------------------------------------------------------------------------+
BUILTIN : online
CNAS04 : online
XXX : online
+--------------------------------------------------------------------------------+
+ Active Directory domain info +
+--------------------------------------------------------------------------------+
Name : XXX
Alt_Name : xxx.xxx.xxx
SID : S-1-5-21-2061321246-3148851292-2459642145
Active Directory : Yes
Native : Yes
Primary : Yes
+--------------------------------------------------------------------------------+
+ Active Directory DC name +
+--------------------------------------------------------------------------------+
CWM-DC-01.xxx.xxx.xxx
\\10.1.11.51
1
1dea8c91-569b-4277-8bd7-5b46818d03fc
xxx.xxx.xxx
xxx.xxx.xxx
0xe001f1fc
Default-First-Site-Name
Default-First-Site-Name
+--------------------------------------------------------------------------------+
+ Active Directory DC info +
+--------------------------------------------------------------------------------+
cdc01.xxx.xxx.xxx (10.1.10.53)
Cheers
Andrew
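As an added example (not from the post or from FreeNAS itself), here is a small Python checker that parses the debug-dump format above section by section and reports every DC reference that disagrees with the "Domain controller" shown under Active Directory Settings; the embedded dump is a constructed excerpt using the post's hostnames, with the long "+---+" rule lines shortened.

```python
import re
# Constructed excerpt of the post's FreeNAS AD debug dump (rule lines shortened).
SAMPLE_DUMP = """\
+ Active Directory Settings +
+-----+
Domain controller: cwm-dc-01.xxx.xxx.xxx
Global Catalog Server: cwm-dc-01.xxx.xxx.xxx
+ /etc/directoryservice/ActiveDirectory/config +
ad_dchost=cdc01.xxx.xxx.xxx
ad_gchost=cdc01.xxx.xxx.xxx
ad_krbhost=cwm-dc-01.xxx.xxx.xxx
+ Active Directory NETLOGON connection +
checking the NETLOGON dc connection to "cdc01.xxx.xxx.xxx" succeeded
"""

BANNER = re.compile(r"^\+ (.+?) \+$")  # section titles look like "+ Title +"

def split_sections(dump):
    """Map each '+ Title +' banner to the lines under it, dropping '+---' rules."""
    sections, title = {}, None
    for line in dump.splitlines():
        m = BANNER.match(line)
        if m:
            title = m.group(1)
            sections[title] = []
        elif title is not None and not line.startswith("+-"):
            sections[title].append(line)
    return sections

def stale_dc_references(dump):
    """Return [(source, host)] for each DC reference that is not the GUI-configured DC."""
    secs = split_sections(dump)
    settings = dict(l.split(": ", 1) for l in secs["Active Directory Settings"] if ": " in l)
    intended = settings["Domain controller"].strip().lower()
    findings = []
    # Persisted config: every ad_*host key should already point at the new DC.
    for line in secs.get("/etc/directoryservice/ActiveDirectory/config", []):
        key, _, value = line.partition("=")
        if key.endswith("host") and value and value.lower() != intended:
            findings.append((key, value))
    # Live check: the DC winbind actually reached for NETLOGON.
    for line in secs.get("Active Directory NETLOGON connection", []):
        m = re.search(r'connection to "([^"]+)"', line)
        if m and m.group(1).lower() != intended:
            findings.append(("NETLOGON", m.group(1)))
    return findings

if __name__ == "__main__":
    for source, host in stale_dc_references(SAMPLE_DUMP):
        print(f"stale DC reference: {source} -> {host}")
```

On the post's dump this flags ad_dchost, ad_gchost and the NETLOGON connection as still pointing at cdc01, which is exactly the mismatch between the GUI settings and the persisted config that the output shows.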