[regression] Not Able to Join Domain
I'm unable to join domain on FreeNAS 9.10.1-U2. If I try the same steps on version 9.10.1, it works fine.
In the debug.log there are some errors like:
I'm using the same account to join the domain in both versions.
#1 Updated by Kris Moore almost 4 years ago
- Subject changed from Not Able to Join Domain to [regression] Not Able to Join Domain
- Assignee set to Erin Clark
- Priority changed from No priority to Important
- Target version set to 9.10.2
Over to Erin for investigation. If you could post your debug file, that would come in handy as well.
#6 Updated by Fabio Rodrigues almost 4 years ago
Is there any specific log from the debug dump that you need? Sorry, but I can't send everything for security reasons.
When I try to join the domain I get a message in green in the user interface with this message: "The service failed to restart". I'm not sure, but I think it is related to SMB.
#8 Updated by Fabio Rodrigues almost 4 years ago
I also see errors like that in the log.winbindd file:
[2016/10/25 09:04:06.615890, 0] ../source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send)
Kinit for firstname.lastname@example.org to access email@example.com failed: Client not found in Kerberos database
[2016/10/24 17:53:22.602483, 0] ../source3/libsmb/cliconnect.c:1895(cli_session_setup_spnego_send)
Kinit for firstname.lastname@example.org to access email@example.com failed: Clients credentials have been revoked
#11 Updated by Fabio Rodrigues almost 4 years ago
Do you know how powerful the user that we use to add freenas to the domain needs to be?
I'm asking because I was able to add the server to the domain but I had to give more permissions than expected for the account. The account has more permissions than other accounts that we use to add other computers to the domain.
What if I give this permissions to the user, add the server to the domain, and remove the extra permissions. Do you know if that will crash FreeNAS?