Scope/Description
To resolve a FreeNAS unit that does not join an Active Directory domain even though correct credentials are supplied.
Prerequisites
- A unit running FreeNAS
- An active directory domain
- An AD account with administrative privileges
Steps
On the FreeNAS installation that is having difficulty joining the domain, ensure that all variables are set properly.
Double-check all network settings; if necessary, ensure the domain controller is in the gateway address list.
Confirm domain join credentials. It’s necessary for the account used to join the domain to be a domain administrator.
If an error while joining the domain is shown, such as:
80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580, Invalid credentials
Follow these steps to attempt a domain join:
- In the FreeNAS Shell, enter:
sqlite3 /data/freenas-v1.db "update directoryservice_activedirectory set ad_enable=1;"
echo $?
- This should return a value of 0.
- Start the following services:
service ix-kerberos start
service ix-nsswitch start
service ix-kinit start
service ix-kinit status
echo $?
klist
- klist should list a Kerberos ticket.
- After this, run the following commands, checking each with echo $?, which should return 0:
python /usr/local/www/freenasUI/middleware/notifier.py start cifs
service ix-activedirectory start
service ix-activedirectory status
echo $?
python /usr/local/www/freenasUI/middleware/notifier.py restart cifs
service ix-pam start
service ix-cache start &
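The whole sequence as one script that applies the exit-code check after every command and then performs the klist and getent verification, added here as an example; it is not part of the original article or of FreeNAS. The database path, SQL statement, notifier path and ix-* service names are the ones the article gives; the --run flag, the realm argument, the winbind DOMAIN\name separator and the sample klist/getent output embedded at the bottom are assumptions and constructed data.

```shell
#!/bin/sh
# Added example, not part of the original article or of FreeNAS: runs the
# manual re-join steps with an exit-code check after each command, then
# verifies the join the way the article does (klist, getent).
# The database path, SQL statement and ix-* service names are the ones the
# article lists; the winbind "DOMAIN\name" separator and the sample output
# at the bottom are assumptions/constructed data for offline testing.

DB=/data/freenas-v1.db
NOTIFIER=/usr/local/www/freenasUI/middleware/notifier.py

# Run one command and abort with its exit status if it is non-zero. This is
# the article's "echo $? should return 0" check applied to every step.
step() {
    printf '>> %s\n' "$*"
    "$@" && return 0
    rc=$?
    printf '!! failed with exit status %s: %s\n' "$rc" "$*" >&2
    exit "$rc"
}

# Return 0 when klist output on stdin holds a ticket for the given realm.
# Heimdal prints "Principal:", MIT prints "Default principal:"; accept both.
has_ticket_for_realm() {
    grep -q -E '(Default )?[Pp]rincipal: [^@]+@'"$1"
}

# Count domain accounts in getent passwd/group output on stdin: entries whose
# name carries the winbind DOMAIN\name prefix (default separator assumed).
count_domain_entries() {
    awk -F: 'index($1, "\\") > 0 { n++ } END { print n + 0 }'
}

rejoin_domain() {
    realm=$1

    # Step 1: re-enable Active Directory in the FreeNAS configuration database.
    step sqlite3 "$DB" "update directoryservice_activedirectory set ad_enable=1;"

    # Step 2: Kerberos and nsswitch, then obtain the machine ticket.
    step service ix-kerberos start
    step service ix-nsswitch start
    step service ix-kinit start
    step service ix-kinit status
    if ! klist | has_ticket_for_realm "$realm"; then
        echo "!! klist shows no ticket for realm $realm; stopping here" >&2
        exit 1
    fi

    # Step 3: CIFS plus the AD service, then the PAM and cache services.
    step python "$NOTIFIER" start cifs
    step service ix-activedirectory start
    step service ix-activedirectory status
    step python "$NOTIFIER" restart cifs
    step service ix-pam start
    service ix-cache start &

    # Verification: domain users and groups must be visible through getent.
    nusers=$(getent passwd | count_domain_entries)
    ngroups=$(getent group | count_domain_entries)
    echo "domain users visible: $nusers, domain groups visible: $ngroups"
    [ "$nusers" -gt 0 ] && [ "$ngroups" -gt 0 ]
}

# Constructed sample output (Heimdal-style klist, winbind-style passwd) used
# to exercise the two parsers offline.
SAMPLE_KLIST='Credentials cache: FILE:/tmp/krb5cc_0
        Principal: FREENAS$@EXAMPLE.COM

  Issued                Expires               Principal
Jan  1 10:00:00 2016  Jan  1 20:00:00 2016  krbtgt/EXAMPLE.COM@EXAMPLE.COM'

SAMPLE_PASSWD='root:*:0:0:Charlie &:/root:/bin/csh
EXAMPLE\alice:*:20001:20000:Alice Example:/home/EXAMPLE/alice:/bin/sh
EXAMPLE\bob:*:20002:20000:Bob Example:/home/EXAMPLE/bob:/bin/sh
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin'

# Only touch the system when invoked as: sh rejoin-ad.sh --run EXAMPLE.COM
if [ "${1:-}" = "--run" ] && [ -n "${2:-}" ]; then
    rejoin_domain "$2"
fi
```

Run it as root in the FreeNAS Shell with the Kerberos realm of the domain (sh rejoin-ad.sh --run EXAMPLE.COM); the script stops at the first failing step and prints that step's exit status, so there is no need to type echo $? after each command.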
Verification
While these commands run, the output should indicate that a domain join has occurred. To verify this, use getent passwd or getent group to list all domain users or groups.
Under a dataset or pool’s permissions, the group or users should also be selectable.
Troubleshooting
- If the join still fails, make sure to add the FreeNAS unit under the Unmanaged Computers OU.
- Double check domain account credentials. Re-enter them if necessary.
- Check with AD Admin to ensure the account being used has sufficiently elevated privileges for a full domain join.