Problem with DS - AD on TrueNAS 12 (SOLVED)

Hail Folks.

I had set up DS - AD on FreeNAS and everything was working properly. I don’t know why, but I lost the connection with my AD (maybe because of my last ESET Antivirus update, which messed with the DNS server on my Windows 2016 AD), and now I can’t use AD features anymore on FreeNAS. The question is: is there any way to remove all the AD settings and set it up again from zero without losing the TrueNAS server configuration? If I go to AD on TrueNAS, it doesn’t show the fields to enter the user and password anymore; I just want to try from zero. Below is the actual output from DS AD when I try to submit the update:

activedirectory_update.bindpw: Failed to validate bind credentials:

Error: Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/middlewared/plugins/activedirectory.py", line 760, in validate_credentials
self.middleware.call_sync('kerberos.do_kinit', data)
File "/usr/local/lib/python3.8/site-packages/middlewared/main.py", line 1249, in call_sync
return self.run_coroutine(methodobj(*prepared_call.args))
File "/usr/local/lib/python3.8/site-packages/middlewared/main.py", line 1289, in run_coroutine
return fut.result()
File "/usr/local/lib/python3.8/concurrent/futures/_base.py", line 432, in result
return self.__get_result()
File "/usr/local/lib/python3.8/concurrent/futures/_base.py", line 388, in __get_result
raise self._exception
File "/usr/local/lib/python3.8/site-packages/middlewared/plugins/kerberos.py", line 269, in do_kinit
raise CallError(f"kinit for domain [{data['domainname']}] "
middlewared.service_exception.CallError: [EFAULT] kinit for domain [TOFILMES.LOCAL] with principal [TRUENAS$@TOFILMES.LOCAL] failed: kinit: krb5_get_init_creds: Client (TRUENAS$@TOFILMES.LOCAL) unknown

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/middlewared/plugins/activedirectory.py", line 511, in do_update
await self.middleware.run_in_thread(self.validate_credentials, new)
File "/usr/local/lib/python3.8/site-packages/middlewared/utils/run_in_thread.py", line 10, in run_in_thread
return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))
File "/usr/local/lib/python3.8/site-packages/middlewared/utils/io_thread_pool_executor.py", line 25, in run
result = self.fn(*self.args, **self.kwargs)
File "/usr/local/lib/python3.8/site-packages/middlewared/plugins/activedirectory.py", line 762, in validate_credentials
realm = self.middleware.call_sync(
File "/usr/local/lib/python3.8/site-packages/middlewared/main.py", line 1249, in call_sync
return self.run_coroutine(methodobj(*prepared_call.args))
File "/usr/local/lib/python3.8/site-packages/middlewared/main.py", line 1289, in run_coroutine
return fut.result()
File "/usr/local/lib/python3.8/concurrent/futures/_base.py", line 432, in result
return self.__get_result()
File "/usr/local/lib/python3.8/concurrent/futures/_base.py", line 388, in __get_result
raise self._exception
File "/usr/local/lib/python3.8/site-packages/middlewared/schema.py", line 973, in nf
return await f(*args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/middlewared/service.py", line 445, in query
return await self.middleware.run_in_thread(
File "/usr/local/lib/python3.8/site-packages/middlewared/utils/run_in_thread.py", line 10, in run_in_thread
return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))
File "/usr/local/lib/python3.8/site-packages/middlewared/utils/io_thread_pool_executor.py", line 25, in run
result = self.fn(*self.args, **self.kwargs)
File "/usr/local/lib/python3.8/site-packages/middlewared/utils/__init__.py", line 203, in filter_list
raise MatchNotFound()
middlewared.service_exception.MatchNotFound

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/middlewared/main.py", line 137, in call_method
result = await self.middleware._call(message['method'], serviceobj, methodobj, params, app=self,
File "/usr/local/lib/python3.8/site-packages/middlewared/main.py", line 1191, in _call
return await methodobj(*prepared_call.args)
File "/usr/local/lib/python3.8/site-packages/middlewared/service.py", line 356, in update
rv = await self.middleware._call(
File "/usr/local/lib/python3.8/site-packages/middlewared/main.py", line 1191, in _call
return await methodobj(*prepared_call.args)
File "/usr/local/lib/python3.8/site-packages/middlewared/schema.py", line 973, in nf
return await f(*args, **kwargs)
File "/usr/local/lib/python3.8/site-packages/middlewared/plugins/activedirectory.py", line 513, in do_update
raise ValidationError(
middlewared.service_exception.ValidationError: [EFAULT] activedirectory_update.bindpw: Failed to validate bind credentials:

Guys, there is just one WAY: reset to defaults, set everything up again and import the POOLS. I tried changing it directly in SQLite3, I tried for hours… but, after losing hope… I reset to defaults, imported the pools and set everything up in less than 30 mins. So, if you have any DS-AD issue in the future, don’t waste your time…

Cheers.

I was also experiencing that same issue after an upgrade from FreeNAS to TrueNAS… Like you I was almost at the point of just re-installing everything.

But in my testing there was something that bugged me. I was able to connect to the AD with another TrueNAS server I had in my network… No issue at all, everything was working perfectly. I was like, is there something cached from the migration from FreeNAS or something??

I created a new user on the AD and used that user on the problematic TrueNAS instance… And everything started to work again… Joined the AD and everybody is now happy.

My ‘guess’: something got cached/corrupted/not properly migrated in the migration, and even when re-entering everything it was not working until you used a new user that flushed the prior data.
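
An added triage example, not part of the thread and not TrueNAS code: in a chained traceback like the one in the first post, the root cause is the first exception, here the kinit error "Client (...) unknown", which is what a KDC returns when it has no entry for the requested principal (a name ending in `$` is a computer account). The function names and the trimmed sample text are constructed for illustration; the message format is the one shown in the post.

```python
import re

# Constructed sample: the traceback from the first post, trimmed to its key lines.
SAMPLE = """\
Error: Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/middlewared/plugins/kerberos.py", line 269, in do_kinit
middlewared.service_exception.CallError: [EFAULT] kinit for domain [TOFILMES.LOCAL] with principal [TRUENAS$@TOFILMES.LOCAL] failed: kinit: krb5_get_init_creds: Client (TRUENAS$@TOFILMES.LOCAL) unknown

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
middlewared.service_exception.MatchNotFound

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
middlewared.service_exception.ValidationError: [EFAULT] activedirectory_update.bindpw: Failed to validate bind credentials:
"""

CHAIN_SEP = "During handling of the above exception, another exception occurred:"
KINIT_RE = re.compile(
    r"kinit for domain \[(?P<domain>[^\]]+)\] with principal "
    r"\[(?P<principal>[^\]]+)\] failed: (?P<reason>.+)"
)


def root_exception(text):
    """Return the last line of the FIRST traceback in a chained dump."""
    first = text.split(CHAIN_SEP)[0]
    lines = [ln.strip() for ln in first.splitlines() if ln.strip()]
    return lines[-1] if lines else ""


def triage(text):
    """Extract the kinit failure and flag the 'principal not in KDC' case."""
    m = KINIT_RE.search(root_exception(text))
    if not m:
        return None  # root cause is not a kinit failure
    info = m.groupdict()
    name = info["principal"].split("@")[0]
    info["machine_account"] = name.endswith("$")  # AD computer accounts end in '$'
    # "Client (...) unknown": the KDC has no entry for this principal.
    info["principal_unknown"] = bool(
        re.search(r"Client \(.*\) unknown", info["reason"]))
    return info


if __name__ == "__main__":
    print(triage(SAMPLE))
```
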