Trouble after AD Bind - No User/Group sync

Status
Not open for further replies.

TwinLakeTech

Cadet
Joined
Jan 30, 2018
Messages
2
System Information:
Hostname nas01.domain.com
Build TrueNAS-9.0.5-RELEASE-x64 (r8388)
Platform Intel(R) Xeon(R) CPU E5645 @ 2.40GHz
System Serial A1-20669
Memory 24552MB
System Time Sat Mar 10 21:36:43 CST 2018
Uptime 9:36PM up 1 day, 14:07, 1 user
Load Average 0.00, 0.02, 0.00
Boot Device Status OPTIMAL

Had to perform a PW reset on the domain admin account that was used by this box earlier this week due to the admin leaving the organization. Since then, we have had trouble getting AD permissions back up and working. I have done the below so far:

  • Rebooted device
  • Reset AD credentials on the box
  • Verified Time Sync and set NTP on box to domain NTP
I found the krb5.conf file is referencing an old DC and I tried to manually update that file for the kdc and admin_server values, but when I stop or start the ActiveDirectory service my changes are wiped and it goes back to the old values. I can get an AD bind to work by pointing an A record for the old DC that the krb5 file references to a new DC, but it is not synchronizing users.

I get the below from a wbinfo -t:

could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret


If I run a wbinfo -u I get the below:

Error looking up domain users

And a wbinfo -g gets me:

failed to call wbcListGroups: WBC_ERR_WINBIND_NOT_AVAILABLE
Error looking up domain groups



Not a Linux admin, so I am doing good to get this output and figure out vi. If you have something to try, I probably need a pointer on how to try it along with what to try.
 

TwinLakeTech

Just to update on this, it appears like the server is hitting the old PDC, which is no longer online. The old PDC failed and we had to move FSMO roles over in the environment to a new server. We have removed the old data from the environment for the old PDC, but somehow the NAS is still seeing it? This old PDC is the invalid server showing up in the krb5.conf file for kdc and admin_server.
 
dlavigne

Guest
That is quite an old version of TrueNAS. Do you know if it still has a support contract?
 