I was hoping to be able to figure this out by myself, but I'm getting frustrated and desperate at this point and need help.
I had a FreeNAS 9.2.X setup working nicely with Windows2008R2 Active Directory for the past year with no / minimal issues. Of course, today is Sunday, and users will be in the office tomorrow morning.
Last night, after updating to FreeNAS 9.3, I can no longer authenticate to Active Directory. The clients on the network can see the shares, but no credentials work.
I've read every forum post, all the bugs and documentation and I've tried nearly everything I could find to tune or switch and I am getting nowhere.
I have the feeling its some sort of Kerberos or DNS type of issue. Here are some of the commands I have run to attempt to troubleshoot.
I get the following errors:
[root@anthony] ~# wbinfo -t
checking the trust secret for domain SHDSJ via RPC calls failed
error code was NT_STATUS_NO_SUCH_DOMAIN (0xc00000df)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret
[root@anthony] ~# wbinfo -u
ANTHONY\root
ANTHONY\postmaster
[root@anthony] ~# net ads join -S SHDSJ -U Administrator
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.
[root@anthony] ~# net ads join -S nicholas.sacredheartsaratoga.org -U Administrator
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.
root@anthony] ~# host -t srv _ldap._tcp.nicholas.sacredheartsaratoga.org
_ldap._tcp.nicholas.sacredheartsaratoga.org has SRV record 0 100 389 nicholas.nicholas.sacredheartsaratoga.org.
Debug and /var/log/messages output attached.
I had a FreeNAS 9.2.X setup working nicely with Windows2008R2 Active Directory for the past year with no / minimal issues. Of course, today is Sunday, and users will be in the office tomorrow morning.
Last night, after updating to FreeNAS 9.3, I can no longer authenticate to Active Directory. The clients on the network can see the shares, but no credentials work.
I've read every forum post, all the bugs and documentation and I've tried nearly everything I could find to tune or switch and I am getting nowhere.
I have the feeling its some sort of Kerberos or DNS type of issue. Here are some of the commands I have run to attempt to troubleshoot.
I get the following errors:
[root@anthony] ~# wbinfo -t
checking the trust secret for domain SHDSJ via RPC calls failed
error code was NT_STATUS_NO_SUCH_DOMAIN (0xc00000df)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret
[root@anthony] ~# wbinfo -u
ANTHONY\root
ANTHONY\postmaster
[root@anthony] ~# net ads join -S SHDSJ -U Administrator
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.
[root@anthony] ~# net ads join -S nicholas.sacredheartsaratoga.org -U Administrator
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.
root@anthony] ~# host -t srv _ldap._tcp.nicholas.sacredheartsaratoga.org
_ldap._tcp.nicholas.sacredheartsaratoga.org has SRV record 0 100 389 nicholas.nicholas.sacredheartsaratoga.org.
Debug and /var/log/messages output attached.