I've checked that CIFS is setup right and Active Directory seems to have joined the domain correctly. When I check from the command line my AD users are listed. They are not shown using the GUI though and attempting to map the shared folder doesn't accept login credentials. I could reboot back to the old version and I assume my users would at least be able to see their data again, but I'd prefer to get it working again with the new version. What might I have missed?
-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
Upgrade 9.2.1.5 to 9.3, AD users can no longer login
- Thread starter billsey
- Start date
- Status
Do these error messages help at all?
Jun 3 14:24:25 nas01 smbd[4743]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsgss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/NAS01.gsslinc.local@GSSLINC.LOCAL(kvno 3) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
Jun 3 14:24:25 nas01 smbd[4744]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsgss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/NAS01.gsslinc.local@GSSLINC.LOCAL(kvno 3) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
Jun 3 14:24:25 nas01 smbd[4745]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsgss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/NAS01.gsslinc.local@GSSLINC.LOCAL(kvno 3) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
Jun 3 14:24:36 nas01 smbd[4746]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsUsername GSSLINC\Administrator is invalid on this system
Jun 3 14:24:25 nas01 smbd[4743]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsgss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/NAS01.gsslinc.local@GSSLINC.LOCAL(kvno 3) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
Jun 3 14:24:25 nas01 smbd[4744]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsgss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/NAS01.gsslinc.local@GSSLINC.LOCAL(kvno 3) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
Jun 3 14:24:25 nas01 smbd[4745]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsgss_accept_sec_context failed with [ Miscellaneous failure (see text): Failed to find cifs/NAS01.gsslinc.local@GSSLINC.LOCAL(kvno 3) in keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
Jun 3 14:24:36 nas01 smbd[4746]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsUsername GSSLINC\Administrator is invalid on this system
- Joined
- Feb 15, 2014
- Messages
- 20,194
9.2.1.6 and newer have significant changes to Samba.
Honestly, I'd try reconfiguring it from scratch (maybe I'm just naïve, but I assume that the Active Directory setup makes such a thing a bit more palatable?). Maybe someone has less aggressive advice, though.
Honestly, I'd try reconfiguring it from scratch (maybe I'm just naïve, but I assume that the Active Directory setup makes such a thing a bit more palatable?). Maybe someone has less aggressive advice, though.
I'm really afraid of doing something that loses the data... We've got several TB on that share and I don't really want to have to try and restore from backup that volume. I thought when I did the upgrade that there was a 'go back to the old' option during boot, but it's not there, so I can't even go back to where I was this morning. You can imagine the wolves at my office door this afternoon since no one can get to any of their data...
- Joined
- Feb 15, 2014
- Messages
- 20,194
Chmod doesn't work at all, starting with 9.2.1.6.
As for losing data, that won't happen. Worst case, permissions are screwed up a bit. You'll notice you're already in the worst-case scenario.
And that didn't work... 9.2.1.5 wouldn't launch directory services and CIFS would start but couldn't be shut off. I don't remember having this much trouble when I first set this system up, or when I upgraded it to 9.2.1.5. :(
Is there any chance I can get AD working by starting from a blank slate with 9.3? There have to be people who are using it, aren't there? Or is FreeNAS only for test systems and 'it doesn't really matter if it's down for a few days' scenarios?
Is there any chance I can get AD working by starting from a blank slate with 9.3? There have to be people who are using it, aren't there? Or is FreeNAS only for test systems and 'it doesn't really matter if it's down for a few days' scenarios?
- Joined
- Feb 15, 2014
- Messages
- 20,194
It works, that's for sure. The problem is that you're dealing with an intersection of several things: ZFS, FreeBSD running as a sort of black box, Samba (great project, horrible documentation) and the FreeNAS middleware.
At this point, you don't really have anything to lose by trying 9.3, so give it a shot and configure it carefully according to the manual. The transition to Samba 4 in 9.2.1.6 was often problematic, but things should work better from here on.
OK, I started today by running the wizard, then reset permissions to the defaults, then noticed there was an update this morning so installed that on the 9.3 setup. Something started working again! Now I'm manually resetting permissions to what they need to be instead of the current 'Everyone' (note, defaults of AD should include Domain Admins with full permissions, or else you have to figure out how to get Windows to use the local root account). it's been a bit more than 45 minutes so far on the permissions change, but once it's done I can deal with modifying for specific folders...
Wish I knew what made it work, though I'm guessing it was the update.
Wish I knew what made it work, though I'm guessing it was the update.
- Status
