Unable to join AD Domain

[chris95]

Hello there,
I always get the error "service could not start" when I try to enable the directory services for joining an Active Directory Domain.
I already read a few threads about this topic but nothing worked for me.
I am using FreeNas 9.2.1.5 (tried on FreeNas 9.2.1.6 also, but didn't work)

Here the output of /var/log/messages when I try to start the service:

Code:

Aug  4 21:20:12 s-nas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py stop cifs
Aug  4 21:20:13 s-nas notifier: Stopping winbindd.
Aug  4 21:20:13 s-nas winbindd[34951]: [2014/08/04 21:20:13.401340,  0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
Aug  4 21:20:13 s-nas winbindd[34951]:   Got sig[15] terminate (is_parent=1)
Aug  4 21:20:13 s-nas winbindd[34952]: [2014/08/04 21:20:13.403984,  0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
Aug  4 21:20:13 s-nas winbindd[34952]:   Got sig[15] terminate (is_parent=0)
Aug  4 21:20:13 s-nas notifier: Waiting for PIDS: 34951.
Aug  4 21:20:13 s-nas notifier: Stopping smbd.
Aug  4 21:20:13 s-nas notifier: Waiting for PIDS: 34947.
Aug  4 21:20:13 s-nas notifier: Stopping nmbd.
Aug  4 21:20:13 s-nas notifier: Waiting for PIDS: 34943.
Aug  4 21:20:13 s-nas ActiveDirectory: /usr/sbin/service ix-kerberos quietstart
Aug  4 21:20:14 s-nas ix-kerberos: generate_krb5_conf: krbhost=s-dc01.tardis.lan,  kpwdhost=s-dc01.tardis.lan, domainname=tardis.lan
Aug  4 21:20:14 s-nas ActiveDirectory: /usr/sbin/service ix-nsswitch quietstart
Aug  4 21:20:15 s-nas ActiveDirectory: /usr/sbin/service ix-kinit quietstart
Aug  4 21:20:27 s-nas ActiveDirectory: /usr/sbin/service ix-kinit status
Aug  4 21:20:28 s-nas ActiveDirectory: /usr/sbin/service ix-samba quietstart
Aug  4 21:20:29 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc'
Aug  4 21:20:29 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Aug  4 21:20:29 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Aug  4 21:20:29 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmpyLXcez -e tdbsam:/var/etc/private/passdb.tdb -s /usr/local/etc/smb4.conf
Aug  4 21:20:29 s-nas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
Aug  4 21:20:30 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc'
Aug  4 21:20:30 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Aug  4 21:20:30 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Aug  4 21:20:30 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmp2Y1E3M -e tdbsam:/var/etc/private/passdb.tdb -s /usr/local/etc/smb4.conf
Aug  4 21:20:30 s-nas notifier: Performing sanity check on Samba configuration: OK
Aug  4 21:20:30 s-nas notifier: Starting nmbd.
Aug  4 21:20:30 s-nas notifier: Starting smbd.
Aug  4 21:20:30 s-nas notifier: Starting winbindd.
Aug  4 21:20:31 s-nas ActiveDirectory: /usr/sbin/service ix-activedirectory quietstart
Aug  4 21:20:34 s-nas ActiveDirectory: /usr/sbin/service ix-activedirectory status
Aug  4 21:20:48 s-nas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py stop cifs
Aug  4 21:20:50 s-nas notifier: Stopping winbindd.
Aug  4 21:20:50 s-nas winbindd[82617]: [2014/08/04 21:20:50.557921,  0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
Aug  4 21:20:50 s-nas winbindd[82617]:   Got sig[15] terminate (is_parent=1)
Aug  4 21:20:50 s-nas winbindd[83558]: [2014/08/04 21:20:50.560748,  0] ../source3/winbindd/winbindd.c:234(winbindd_sig_term_handler)
Aug  4 21:20:50 s-nas winbindd[83558]:   Got sig[15] terminate (is_parent=0)
Aug  4 21:20:50 s-nas notifier: Waiting for PIDS: 82617.
Aug  4 21:20:50 s-nas notifier: Stopping smbd.
Aug  4 21:20:51 s-nas notifier: Waiting for PIDS: 82613, 82613.
Aug  4 21:20:51 s-nas notifier: Stopping nmbd.
Aug  4 21:20:51 s-nas notifier: Waiting for PIDS: 82609.
Aug  4 21:20:51 s-nas ActiveDirectory: /usr/sbin/service ix-kerberos quietstop
Aug  4 21:20:51 s-nas ActiveDirectory: /usr/sbin/service ix-nsswitch quietstop
Aug  4 21:20:51 s-nas ActiveDirectory: /usr/sbin/service ix-pam quietstop
Aug  4 21:20:51 s-nas ActiveDirectory: /usr/sbin/service ix-kinit forcestop
Aug  4 21:20:51 s-nas ActiveDirectory: /usr/sbin/service ix-activedirectory forcestop
Aug  4 21:20:54 s-nas ActiveDirectory: /usr/sbin/service ix-cache quietstop &
Aug  4 21:20:54 s-nas ActiveDirectory: /usr/sbin/service samba_server forcestop
Aug  4 21:20:54 s-nas ActiveDirectory: /usr/sbin/service ix-samba start
Aug  4 21:20:55 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc'
Aug  4 21:20:55 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Aug  4 21:20:55 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Aug  4 21:20:55 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmp6O49I_ -e tdbsam:/var/etc/private/passdb.tdb -s /usr/local/etc/smb4.conf
Aug  4 21:20:55 s-nas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
Aug  4 21:20:56 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc'
Aug  4 21:20:56 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Aug  4 21:20:56 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Aug  4 21:20:56 s-nas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmpyx3LHS -e tdbsam:/var/etc/private/passdb.tdb -s /usr/local/etc/smb4.conf
Aug  4 21:20:57 s-nas notifier: Performing sanity check on Samba configuration: OK
Aug  4 21:20:57 s-nas notifier: Starting nmbd.
Aug  4 21:20:57 s-nas notifier: Starting smbd.
Aug  4 21:20:57 s-nas notifier: Starting winbindd.
Aug  4 21:20:57 s-nas winbindd[86419]: [2014/08/04 21:20:57.214271,  0] ../source3/winbindd/winbindd_cache.c:3196(initialize_winbindd_cache)
Aug  4 21:20:57 s-nas winbindd[86419]:   initialize_winbindd_cache: clearing cache and re-creating with version number 2

And output of wbinfo -t (I changed my real domain name to DOMAINNAME):

Code:

checking the trust secret for domain DOMAINNAME via RPC calls failed
error code was NT_STATUS_NO_SUCH_DOMAIN (0xc00000df)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret

I'm able to ping my Domain and my domain controller from my FreeNas box so I am assuming it is not an network problem.
I was also able to join other hosts to my domain so I'm sure the domian controller ist working also.

Hope someone can help me :)

 

[anodos]

Verify that time is set identically on the DC and your freenas server. (If you use an external NTP server, make sure you've configured your default gateway on your FreeNAS).
Verify that DNS on your freenas is set up correctly. You should be able to ping your DC by FQDN [ie "ping DomainController.foo.com"]

 

[chris95]

Checked the time and its identically, and I'm able to ping the domain with the FQDN. I am using an separate DNS server on my network, but for testing I added an entry for the domain in /etc/hosts on the FreeNas system but that didn't help.

 

[anodos]

Can you ping your FreeNAS server by FQDN from your domain controller?

Are you using a domain admin account to do the join?

What version of freenas are you using?
What version of windows server?
What is your domain functional level?

Do you have a testing network / DC? Sometimes it is easier to troubleshoot these things if you can start from fresh install of Windows server / use minimal domain.