{"id":678,"date":"2016-11-14T09:31:28","date_gmt":"2016-11-14T08:31:28","guid":{"rendered":""},"modified":"2018-11-11T18:54:07","modified_gmt":"2018-11-11T17:54:07","slug":"freenas-problem-join-ad","status":"publish","type":"post","link":"https:\/\/nil.uniza.sk\/en\/freenas-problem-join-ad\/","title":{"rendered":"FreeNAS &#8211; problem joining FreeNAS to Windows AD"},"content":{"rendered":"<p><strong>Prerequisites:<\/strong><\/p>\n<ul>\n<li>FreeNAS 9.10 Stable<\/li>\n<li>Time is accurate, using internet NTP servers<\/li>\n<li>AD: Windows 2003<\/li>\n<\/ul>\n<p>Integrating FreeNAS with Windows AD through Directory -&gt; Active Directory in Basic mode returns:<\/p>\n<pre>Can't contact LDAP server<\/pre>\n<p>Logging in as root and running<\/p>\n<p><strong>wbinfo -t<\/strong> returns:<\/p>\n<pre>wbinfo -t\r\ncould not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE\r\ncould not obtain winbind domain name!\r\nchecking the trust secret for domain (null) via RPC calls failed\r\nfailed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE\r\nCould not check secret<\/pre>\n<div>where the -t option means:<\/div>\n<div>\n<pre>-t|--check-secret\r\n           Verify that the workstation trust account created when the Samba\r\n           server is added to the Windows NT domain is working. 
May be used in\r\n           conjunction with domain in order to verify interdomain trust\r\n           accounts.<\/pre>\n<\/div>\n<h2>Solution:<\/h2>\n<p>First of all, check the DNS settings required for AD:<\/p>\n<p>1) Check that your domain name resolves to an IP address. In my case the domain is kis.fri.uniza.sk, and dig should return an IP address:<\/p>\n<pre>[root@freenas] ~# dig kis.fri.uniza.sk\r\n\r\n; &lt;&lt;&gt;&gt; DiG 9.10.4-P1 &lt;&lt;&gt;&gt; kis.fri.uniza.sk\r\n;; global options: +cmd\r\n;; Got answer:\r\n;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 21107\r\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2\r\n;; OPT PSEUDOSECTION:\r\n; EDNS: version: 0, flags:; udp: 4096\r\n;; QUESTION SECTION:\r\n;kis.fri.uniza.sk. IN A\r\n\r\n<span style=\"background-color: #ffff00;\">;; ANSWER SECTION:\r\nkis.fri.uniza.sk. 600 IN A 192.168.10.2<\/span>\r\n\r\n;; AUTHORITY SECTION:\r\nkis.fri.uniza.sk. 3600 IN NS ns.kis.fri.uniza.sk.\r\n\r\n;; ADDITIONAL SECTION:\r\nns.kis.fri.uniza.sk. 3600 IN A 158.193.152.2\r\n\r\n;; Query time: 0 msec\r\n;; SERVER: 158.193.152.2#53(158.193.152.2)\r\n;; WHEN: Mon Nov 14 12:43:11 CET 2016\r\n;; MSG SIZE  rcvd: 94<\/pre>\n<div>2) That looks OK. Next, check the SRV resource record for the LDAP service:<\/div>\n<pre>[root@freenas] ~# host -t srv _ldap._tcp.kis.fri.uniza.sk\r\n_ldap._tcp.kis.fri.uniza.sk has SRV record 0 100 389 <span style=\"background-color: #ffff00;\">pdc.kis.fri.uniza.sk.<\/span><\/pre>\n<div>3) That looks OK. Now check the A resource record for the domain controller:<\/div>\n<div>\n<pre>dig pdc.kis.fri.uniza.sk\r\n\r\n; &lt;&lt;&gt;&gt; DiG 9.10.3-P4-Ubuntu &lt;&lt;&gt;&gt; pdc.kis.fri.uniza.sk\r\n;; global options: +cmd\r\n;; Got answer:\r\n;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NXDOMAIN, id: 12104\r\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1\r\n\r\n;; OPT PSEUDOSECTION:\r\n; EDNS: version: 0, flags:; udp: 4096\r\n\r\n;; QUESTION SECTION:\r\n;pdc.kis.fri.uniza.sk. 
IN A\r\n\r\n;; AUTHORITY SECTION:\r\nkis.fri.uniza.sk. 3600 IN SOA ns.kis.fri.uniza.sk. hostmaster.kis.fri.uniza.sk. 2016111383 10800 3600 604800 3600\r\n\r\n;; Query time: 0 msec\r\n;; SERVER: 127.0.1.1#53(127.0.1.1)\r\n;; WHEN: Mon Nov 14 12:33:21 CET 2016\r\n;; MSG SIZE  rcvd: 99<\/pre>\n<div><span style=\"color: #ff0000;\">BAD<\/span>: I&#8217;m missing an answer section, which means the A RR for my domain controller was never added to my DNS, so I need to add it. Once that is done correctly, the query should return an answer:<\/div>\n<\/div>\n<pre>dig pdc.kis.fri.uniza.sk\r\n\r\n; &lt;&lt;&gt;&gt; DiG 9.10.3-P4-Ubuntu &lt;&lt;&gt;&gt; pdc.kis.fri.uniza.sk\r\n;; global options: +cmd\r\n;; Got answer:\r\n;; -&gt;&gt;HEADER&lt;&lt;- opcode: QUERY, status: NOERROR, id: 38508\r\n;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2\r\n\r\n;; OPT PSEUDOSECTION:\r\n; EDNS: version: 0, flags:; udp: 4096\r\n;; QUESTION SECTION:\r\n;pdc.kis.fri.uniza.sk. IN A\r\n\r\n<span style=\"background-color: #ffff00;\">;; ANSWER SECTION:\r\npdc.kis.fri.uniza.sk. 3600 IN A 192.168.10.2<\/span>\r\n\r\n;; AUTHORITY SECTION:\r\nkis.fri.uniza.sk. 3600 IN NS ns.kis.fri.uniza.sk.\r\n\r\n;; ADDITIONAL SECTION:\r\nns.kis.fri.uniza.sk. 
3600 IN A 158.193.152.2\r\n\r\n;; Query time: 0 msec\r\n;; SERVER: 127.0.1.1#53(127.0.1.1)\r\n;; WHEN: Mon Nov 14 12:38:56 CET 2016\r\n;; MSG SIZE  rcvd: 98<\/pre>\n<p>Now I&#8217;m able to simply add FreeNAS to my Windows domain.<\/p>","protected":false},"excerpt":{"rendered":"<p>\n\t<strong>Prerequisites:<\/strong><\/p>\n<ul>\n<li>\n\t\tFreeNAS 9.10 Stable<\/li>\n<li>\n\t\tTime is accurate, using internet NTP servers<\/li>\n<li>\n\t\tAD: Windows 2003<\/li>\n<\/ul>\n<p>\n\tIntegrating FreeNAS with Windows AD through Directory -&gt; Active Directory in Basic mode returns:<\/p>\n<pre>\r\nCan&#39;t contact LDAP server<\/pre>\n<p>\n\tLogging in as root and running<\/p>\n<p>\n\t<strong>wbinfo -t<\/strong> returns:<\/p>","protected":false},"author":7,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"categories":[685],"tags":[],"class_list":["post-678","post","type-post","status-publish","format-standard","hentry","category-linux_-_howto-en"],"taxonomy_info":{"category":[{"value":685,"label":"Linux - HOWTO"}]},"featured_image_src_large":false,"author_info":{"display_name":"admin","author_link":"https:\/\/nil.uniza.sk\/en\/author\/admin\/"},"comment_info":5,"category_info":[{"term_id":685,"name":"Linux - 
HOWTO","slug":"linux_-_howto-en","term_group":0,"term_taxonomy_id":683,"taxonomy":"category","description":"","parent":0,"count":71,"filter":"raw","cat_ID":685,"category_count":71,"category_description":"","cat_name":"Linux - HOWTO","category_nicename":"linux_-_howto-en","category_parent":0}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/comments?post=678"}],"version-history":[{"count":0,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/posts\/678\/revisions"}],"wp:attachment":[{"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/media?parent=678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/categories?post=678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nil.uniza.sk\/en\/wp-json\/wp\/v2\/tags?post=678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}