Trying to get FreeNAS to pull users from Windows AD

[bediaa]

I'm well versed in linux, and moderately versed in handling AD in a Windows environment. Maybe I'm missing something in getting this set up in FreeNAS (BSD). Never have set up an AD connection in a POSIX-like environment.

Anyway, details about the problem I'm having:
I've tried to set up AD connections in the freenas webgui based on this guide: http://doc.freenas.org/index.php/Directory_Services but it just doesn't work.

Here is my /var/log/messages when I set up the AD parameters and then try to start the service: http://pastebin.com/raw.php?i=p85fwVtY (only the domain name has been censored out).

Help? Ideas? Didn't think this would be that difficult of a task.

 

[bediaa]

The edit button doesn't seem to work for me, but I just wanted to add I've tried this on both the 9.1.1 and 8.3.2 (the errors are almost identical). I'm using this on a HP ProLiant ML370 G4 booting from a USB stick.

 

[dlavigne]

Nov 15 10:08:19 freenas notifier: kinit: krb5_get_init_creds: unable to reach any KDC in realm DOMAIN.EXAMPLE.COM

Have you checked the SRV records on DNS? Any of the other tips in http://doc.freenas.org/index.php/Directory_Services#Troubleshooting_Tips help?

 

[bediaa]

It looks like the SRV records are correct.
When I do (from the freenas local console/shell): host -t srv _ldap._tcp.domain.example.com
I get expected (as far as I know, correct) results after about 40 seconds of waiting:
_ldap._tcp.domain.example.com has SRV record 0 100 389 dc1.domain.example.com
_ldap._tcp.domain.example.com has SRV record 0 100 389 dc2.domain.example.com

In DNS on Windows Server, I expanded domain.example.com --> _tcp
...and I see entries for both domain controllers for _gc, _ldap, _kpasswd, and _kerberos

 

[bediaa]

bump. Any more ideas? It'd be a shame if have to ditch this NAS software because I can't get it to play nicely with AD.

 

[dlavigne]

If it's not the SRV records and you have tried the other tips in that section, I'm not sure what the underlying problem is. You could try creating a bug report at bugs.freenas.org and posting the issue number here.

 

[pasu]

Got the same problem.

Joining domain - OK
wbinfo -u / -g /-t OK shows everything
ping AD - OK
DNS setup on AD - OK

Still, no users or groups are showing up when I try to change permissions. The NAS is running for 24h+

 

[dlavigne]

Did you ever get this sorted?

 

[jacinf]

I'm seeing the same issue. Any update?

 

[dlavigne]

Has anyone made a bug report yet at bugs.freenas.org? If so, please post the bug number so that others can follow the progress.

 

[jacinf]

https://bugs.freenas.org/issues/3997

 

[jacinf]

For anybody else seeing this issue, please see the following thread.. it fixed my issue:

http://forums.freenas.org/threads/upgrading-to-9-2-b2-breaks-ad.16897/#post-90963