KB450250 — FreeNAS System Won’t Domain Join

Last modified: May 18, 2021
You are here:
Estimated reading time: 1 min


To resolve a FreeNAS unit not joining a domain properly despite using proper credentials.



  1. A unit running FreeNAS
  2. An active directory domain
  3. An AD account with administrative privileges


On the FreeNAS installation that is having difficulty joining the domain, ensure that all variables are set properly.

Double check all network settings, if necessary, ensure the domain controller is in the gateway address list.

Confirm domain join credentials. It’s necessary for the account used to join the domain to be a domain administrator.

If an error while joining the domain is shown, such as:

80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580, Invalid credentials

Follow these steps to attempt a domain join:

  • In the FreeNAS Shell, enter:
  1. sqlite3 /data/freenas-v1.db “update directoryservice_activedirectory set ad_enable=1;”
  2. echo $?
    – This should return a value of 0.
  3. start the following services:
    service ix-kerberos start
    service ix-nsswitch start
    service ix-kinit start
    service ix-kinit status
  4. echo $?
  5. klist
  • klist should list a kerberos ticket

After this, run the following commands followed by echo. Echo should return a 0.

  1. python /usr/local/www/freenasUI/middleware/notifier.py start cifs
  2. service ix-activedirectory start
  3. service ix-activedirectory status
  4. echo $?
  5. python /usr/local/www/freenasUI/middleware/notifier.py restart cifs
  6. service ix-pam start
  7. service ix-cache start &


While running this set of commands, it should notate that a domain join as occurred. To verify this, use getent passwd or getent group to list all domain users or groups.

Under a dataset or pool’s permissions, the group or users should also be selectable.



If the join still fails, make sure to add the FreeNAS unit under the Unmanaged Computers OU.

Double check domain account credentials. Re-enter them if necessary.

Check with AD Admin to ensure the account being used has sufficiently elevated privileges for a full domain join.

Was this article helpful?
Dislike 0
Views: 81
Unboxing Racking Storage Drives Cable Setup Power UPS Sizing Remote Access