Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-104354

Errors when binding a fresh FreeNAS to a fresh Active Directory

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Engineering Closed (View Workflow)
    • Priority: Low
    • Resolution: Cannot Reproduce
    • Affects Version/s: Master - FreeNAS Nightlies, 11.3-RC1
    • Fix Version/s: N/A
    • Labels:

      Description

      Problem: A freshly virgin install of FreeNAS gives errors when attempting to join a freshly virgin Windows Server 2019 Active Directory.

       

      Steps to replicate:

      1. Create a virgin installation of Windows Server 2019 with the server roles of "Active Directory Domain Services" and "DNS Server". Set the schema Function Level to 2008R2.
        1. Optional: Bind a secondary Windows 10 workstation to the Active Directory to verify that AD is functioning.
      2. Create a virgin installation of FreeNAS 11.3-RC1 or FreeNAS-11.3-MASTER-201912150956.
      3. Go to Directory Services -> Active Directory. Enter domain credentials.
        1. Optional: Click Advanced and enter Netbios name and alias if desired.

       

      The following CallError is presented:

      [EFAULT] Failed to update trust password: [ads_change_trust_account_password: kerberos_set_password(10.0.1.9, genevatest$@BZ.LAN) failed for new_password of BZ - NT_STATUS_NO_LOGON_SERVERS Password change failed: Cannot contact any KDC for requested realm]

      More info:
      Error: Traceback (most recent call last):
        File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 128, in call_method
          result = await self.middleware.call_method(self, message)
        File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1113, in call_method
          return await self._call(message['method'], serviceobj, methodobj, params, app=app, io_thread=False)
        File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1061, in _call
          return await methodobj(*args)
        File "/usr/local/lib/python3.7/site-packages/middlewared/service.py", line 302, in update
          f'{self._config.namespace}.update', self, self.do_update, [data]
        File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1061, in _call
          return await methodobj(*args)
        File "/usr/local/lib/python3.7/site-packages/middlewared/schema.py", line 949, in nf
          return await f(*args, **kwargs)
        File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/activedirectory.py", line 876, in do_update
          await self.start()
        File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/activedirectory.py", line 983, in start
          await self.change_trust_account_pw()
        File "/usr/local/lib/python3.7/site-packages/middlewared/schema.py", line 949, in nf
          return await f(*args, **kwargs)
        File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/activedirectory.py", line 1283, in change_trust_account_pw
          f"Failed to update trust password: [{netads.stderr.decode().strip()}]"
      middlewared.service_exception.CallError: [EFAULT] Failed to update trust password: [ads_change_trust_account_password: kerberos_set_password(10.0.1.9, genevatest$@BZ.LAN) failed for new_password of BZ - NT_STATUS_NO_LOGON_SERVERS
      Password change failed: Cannot contact any KDC for requested realm]

       

      Strangely, when accessing the shell console, running "wbinfo -u" and "wbinfo -g" does show a populated list of users and groups. Running "wbinfo -t" also succeeds. But via the GUI, FreeNAS shows the following alert:

      Attempt to connect to netlogon share failed with error: [EFAULT] could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE could not obtain winbind domain name! failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE.


      Problem observed in FreeNAS 11.3-RC1 and FreeNAS-11.3-MASTER-201912150956.

        Attachments

          Attachments

            JEditor

              Activity

                People

                Assignee:
                awalker Andrew Walker
                Reporter:
                xstylus Troy Williams
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved: