Details
-
Type:
Bug
-
Status: Engineering Closed (View Workflow)
-
Priority:
Low
-
Resolution: Cannot Reproduce
-
Affects Version/s: Master - FreeNAS Nightlies, 11.3-RC1
-
Fix Version/s: N/A
-
Component/s: Directory Services, Services
-
Labels:
Description
Problem: A freshly virgin install of FreeNAS gives errors when attempting to join a freshly virgin Windows Server 2019 Active Directory.
Steps to replicate:
- Create a virgin installation of Windows Server 2019 with the server roles of "Active Directory Domain Services" and "DNS Server". Set the schema Function Level to 2008R2.
- Optional: Bind a secondary Windows 10 workstation to the Active Directory to verify that AD is functioning.
- Create a virgin installation of FreeNAS 11.3-RC1 or FreeNAS-11.3-MASTER-201912150956.
- Go to Directory Services -> Active Directory. Enter domain credentials.
- Optional: Click Advanced and enter Netbios name and alias if desired.
The following CallError is presented:
[EFAULT] Failed to update trust password: [ads_change_trust_account_password: kerberos_set_password(10.0.1.9, genevatest$@BZ.LAN) failed for new_password of BZ - NT_STATUS_NO_LOGON_SERVERS Password change failed: Cannot contact any KDC for requested realm]
More info:
Error: Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 128, in call_method
result = await self.middleware.call_method(self, message)
File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1113, in call_method
return await self._call(message['method'], serviceobj, methodobj, params, app=app, io_thread=False)
File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1061, in _call
return await methodobj(*args)
File "/usr/local/lib/python3.7/site-packages/middlewared/service.py", line 302, in update
f'{self._config.namespace}.update', self, self.do_update, [data]
File "/usr/local/lib/python3.7/site-packages/middlewared/main.py", line 1061, in _call
return await methodobj(*args)
File "/usr/local/lib/python3.7/site-packages/middlewared/schema.py", line 949, in nf
return await f(*args, **kwargs)
File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/activedirectory.py", line 876, in do_update
await self.start()
File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/activedirectory.py", line 983, in start
await self.change_trust_account_pw()
File "/usr/local/lib/python3.7/site-packages/middlewared/schema.py", line 949, in nf
return await f(*args, **kwargs)
File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/activedirectory.py", line 1283, in change_trust_account_pw
f"Failed to update trust password: [{netads.stderr.decode().strip()}]"
middlewared.service_exception.CallError: [EFAULT] Failed to update trust password: [ads_change_trust_account_password: kerberos_set_password(10.0.1.9, genevatest$@BZ.LAN) failed for new_password of BZ - NT_STATUS_NO_LOGON_SERVERS
Password change failed: Cannot contact any KDC for requested realm]
Strangely, when accessing the shell console, running "wbinfo -u" and "wbinfo -g" does show a populated list of users and groups. Running "wbinfo -t" also succeeds. But via the GUI, FreeNAS shows the following alert:
Attempt to connect to netlogon share failed with error: [EFAULT] could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE could not obtain winbind domain name! failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE.
Problem observed in FreeNAS 11.3-RC1 and FreeNAS-11.3-MASTER-201912150956.
