Project

General

Profile

Bug #18741

Active Directory bind

Added by Aaron Kirkland almost 4 years ago. Updated about 3 years ago.

Status:
Closed: User Config Issue
Priority:
No priority
Assignee:
-
Category:
OS
Target version:
Seen in:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:
ChangeLog Required:
No

Description

I am having trouble using Active Directory I get an error in the web front end "The service failed to restart." I have done the troubleshooting steps and i get the an error on the service ix-activedirectory start step with the following error "Failed to join domain: failed to connect to AD: Cannot read password"

[root@fs] ~# sqlite3 /data/freenas-v1.db "update directoryservice_activedirectory set ad_enable=1;"
[root@fs] ~# echo $?
0
[root@fs] ~# service ix-kerberos start
[root@fs] ~# service ix-nsswitch start
[root@fs] ~# service ix-kinit start
[root@fs] ~# service ix-kinit status
[root@fs] ~# echo $?
0
[root@fs] ~# klist
Credentials cache: FILE:/tmp/krb5cc_0
Principal:

Issued                Expires               Principal
Nov 5 13:42:25 2016 Nov 5 23:42:25 2016
[root@fs] ~# python /usr/local/www/freenasUI/middleware/notifier.py start cifs
True
[root@fs] ~# service ix-activedirectory start
Failed to join domain: failed to connect to AD: Cannot read password
False
winbindd not running? (check /var/run/samba/winbindd.pid).
smbd not running? (check /var/run/samba/smbd.pid).
nmbd not running? (check /var/run/samba/nmbd.pid).

version is FreeNAS-9.10.1-U2 (f045a8b)
Active Directory is univention UCS server (samba 4) www.univention.com

I can bind mac and windows computers without problem.

here is the section from /var/log/messages

Nov 5 14:14:37 fs adtool: [common.pipesubr:66] Popen()ing: klist
Nov 5 14:14:37 fs adtool: [common.pipesubr:66] Popen()ing: /usr/bin/kinit --renewable --password-file=/tmp/tmppOh12x
Nov 5 14:14:41 fs ActiveDirectory: /usr/sbin/service ix-hostname quietstart
Nov 5 14:14:42 fs ActiveDirectory: /usr/sbin/service ix-kerberos quietstart default LORETEC.COM
Nov 5 14:14:44 fs generate_krb5_conf.py: [common.pipesubr:66] Popen()ing: klist
Nov 5 14:14:45 fs ActiveDirectory: /usr/sbin/service ix-nsswitch quietstart
Nov 5 14:14:47 fs ActiveDirectory: /usr/sbin/service ix-ldap quietstart
Nov 5 14:14:47 fs ActiveDirectory: /usr/sbin/service ix-kinit quietstart
Nov 5 14:14:51 fs ActiveDirectory: /usr/sbin/service ix-kinit status
Nov 5 14:14:53 fs ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
Nov 5 14:14:56 fs generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc'
Nov 5 14:14:57 fs generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: klist
Nov 5 14:14:58 fs generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: mount
Nov 5 14:14:58 fs generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: /usr/local/bin/net -d 0 getlocalsid
Nov 5 14:14:59 fs notifier: Performing sanity check on Samba configuration: OK
Nov 5 14:14:59 fs notifier: Starting nmbd.
Nov 5 14:15:00 fs notifier: Starting smbd.
Nov 5 14:15:00 fs notifier: Starting winbindd.
Nov 5 14:15:01 fs ActiveDirectory: /usr/sbin/service ix-activedirectory quietstart
Nov 5 14:15:04 fs generate_ldap_conf.py: [common.pipesubr:66] Popen()ing: klist
Nov 5 14:15:08 fs ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py stop cifs
Nov 5 14:15:10 fs notifier: Stopping winbindd.
Nov 5 14:15:10 fs notifier: Waiting for PIDS: 56899.
Nov 5 14:15:10 fs notifier: Stopping smbd.
Nov 5 14:15:11 fs notifier: Waiting for PIDS: 56894, 56894.
Nov 5 14:15:11 fs notifier: Stopping nmbd.
Nov 5 14:15:11 fs notifier: Waiting for PIDS: 56888.
Nov 5 14:15:11 fs ActiveDirectory: /usr/sbin/service ix-kerberos quietstop
Nov 5 14:15:12 fs ActiveDirectory: /usr/sbin/service ix-nsswitch quietstop
Nov 5 14:15:13 fs ActiveDirectory: /usr/sbin/service ix-pam quietstop
Nov 5 14:15:14 fs ActiveDirectory: /usr/sbin/service ix-activedirectory forcestop
Nov 5 14:15:19 fs adtool: [common.pipesubr:66] Popen()ing: klist
Nov 5 14:15:20 fs ActiveDirectory: /usr/sbin/service ix-cache quietstop &
Nov 5 14:15:23 fs ActiveDirectory: /usr/sbin/service samba_server forcestop
Nov 5 14:15:24 fs ActiveDirectory: /usr/sbin/service ix-pre-samba start
Nov 5 14:15:27 fs generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: /sbin/sysctl -n 'kern.maxfilesperproc'
Nov 5 14:15:27 fs generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: mount
Nov 5 14:15:27 fs generate_smb4_conf.py: [common.pipesubr:66] Popen()ing: /usr/local/bin/net -d 0 getlocalsid
Nov 5 14:15:28 fs ActiveDirectory: /usr/sbin/service ix-kinit forcestop
Nov 5 14:15:29 fs ActiveDirectory: /usr/sbin/service ix-hostname quietstart

History

#1 Updated by Aaron Kirkland almost 4 years ago

  • File debug-fs-20161105142129.txz added

#2 Updated by Aaron Kirkland almost 4 years ago

  • Seen in changed from Unspecified to 9.10.1-U2

#3 Updated by Aaron Kirkland almost 4 years ago

Please close this ticket I was able to get this working by changing the SASL wrapping: to sign

thank you

#4 Updated by Jordan Hubbard almost 4 years ago

  • Status changed from Unscreened to Closed: User Config Issue

#5 Updated by Dru Lavigne about 3 years ago

  • File deleted (debug-fs-20161105142129.txz)

#6 Updated by Dru Lavigne about 3 years ago

  • Target version set to N/A
  • Private changed from Yes to No

Also available in: Atom PDF