
I have 9.2.7 running fine in my environment. Installed 9.3 Stable and lost connectivity to my domain. Saw numerous bugs on this issue, so I updated to the latest stable version and tried again. I can ping domain server. Added windows shares and enabled cifs. I can see the server and view resources via windows, but can't authenticate. Trying to load Active Directory service fails to start. I'm in mixed 2003/2008 mode and changed the gp info accordingly with no help. I followed the troubleshooting info and can see the srv records for the domain controllers. I tried the manual commands at the bottom and receive the error below.


FreeNAS-9.3-STABLE-201412312006

Welcome to FreeNAS
freenas> ~# sqlite3 /data/freenas-v1.db "update directoryservice_activedirectory set ad_enable=1;"
freenas> ~# echo $?
0
freenas> ~# service ix-kerberos start
freenas> ~# service ix-nsswitch start
freenas> ~# service ix-kinit start
freenas> ~# service ix-kinit status
freenas> ~# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: tsradmin@BENSON-FAMILY.LOCAL

  Issued           Expires          Principal
Jan 5 15:24:57   Jan 6 01:24:57   krbtgt/BENSON-FAMILY.LOCAL@BENSON-FAMILY.LOCAL
freenas> ~# python /usr/local/www/freenasUI/middleware/notifier.py start cifs
True
freenas> ~# service ix-activedirectory start
False
Failed to leave domain: Unable to fetch domain sid: are we joined?
winbindd not running? (check /var/run/samba/winbindd.pid).
smbd not running? (check /var/run/samba/smbd.pid).
nmbd not running? (check /var/run/samba/nmbd.pid).
freenas> ~# service ix-activedirectory status
freenas> ~# echo $?
1
freenas> ~# python /usr/local/www/freenasUI/middleware/notifier.py restart cifs
False
freenas> ~# service ix-pam start
freenas> ~# service ix-cache start &
[1] 10338

Any help on this instance would be appreciated.


History


#1
Updated by Jordan Hubbard over 6 years ago
Category set to 36
Assignee set to John Hixson
Target version set to Unspecified

#2
Updated by John Hixson over 6 years ago
Status changed from Unscreened to Screened

#3
Updated by Stephen Benson over 6 years ago

#4
Updated by John Hixson over 6 years ago
Status changed from Screened to 15

Can you try to enable AD from the UI, then attach /var/log/messages and /var/log/debug.log to this ticket please?


#5
Updated by Stephen Benson over 6 years ago
File debug.log added
File messages added

Attached are log files you requested.


#6
Updated by John Hixson over 6 years ago

Stephen Benson wrote:

Attached are log files you requested.

It's failing at ix-activedirectory. Can you change /etc/ix.rc.d/ix-activedirectory to have "set -x" at the top? (right after #!/bin/sh). Afterwards, run this from the command line:

sh /etc/directoryservice/ActiveDirectory/ctl start

Post the results to this ticket.


#7
Updated by Stephen Benson over 6 years ago
File test.log added

Attached is the file with the output from above command.


#8
Updated by John Hixson over 6 years ago

Stephen Benson wrote:

Attached is the file with the output from above command.

The join is timing out. Can you bump up the timeout values in your AD config? Try setting them at 60 and let me know if that fixes this.


#9
Updated by Stephen Benson over 6 years ago
File test.log added

Looks like same result with 60 sec. timeout.


#10
Updated by John Hixson over 6 years ago

Stephen Benson wrote:

Looks like same result with 60 sec. timeout.

The file you've attached is still set to 10 seconds. Can you verify that both "AD timeout" and "DNS timeout" in your Active Directory configuration are set to 60?


#11
Updated by John Hixson over 6 years ago

John Hixson wrote:

Stephen Benson wrote:

Looks like same result with 60 sec. timeout.

The file you've attached is still set to 10 seconds. Can you verify that both "AD timeout" and "DNS timeout" in your Active Directory configuration are set to 60?

And just in case, crank these up to 60, then click "Save" but without "enable" being clicked. Once it saves, then try and click "enable" and "save".


#12
Updated by Stephen Benson over 6 years ago
File test.log added

According to the GUI it shows 60 for each. Here's the output again.


#13
Updated by Stephen Benson over 6 years ago

I have left site name blank in the advanced settings, could these be looking for a site name? I have a home domain setup using default-first-site-name in AD Sites and Services. Also don't have a Kerberos Keytab set in advanced. Just checking other configs, in 9.2.1.7 I use the simple setup and everything clicks just fine.


#14
Updated by John Hixson over 6 years ago

Stephen Benson wrote:

I have left site name blank in the advanced settings, could these be looking for a site name? I have a home domain setup using default-first-site-name in AD Sites and Services. Also don't have a Kerberos Keytab set in advanced. Just checking other configs, in 9.2.1.7 I use the simple setup and everything clicks just fine.

What the file shows is still 10 seconds. Can you run this from the command line and post the output to this ticket please?

sqlite3 /data/freenas-v1.db "select ad_timeout, ad_dns_timeout from directoryservice_activedirectory;"


#15
Updated by Stephen Benson over 6 years ago

Comes back 60|60


#16
Updated by John Hixson over 6 years ago

Stephen Benson wrote:

Comes back 60|60

Can you attach /etc/directoryservice/ActiveDirectory/config to this ticket?


#17
Updated by Stephen Benson over 6 years ago

Config is empty - 0B when opened in notepad.


#18
Updated by John Hixson over 6 years ago

Stephen Benson wrote:

Config is empty - 0B when opened in notepad.

Do this from the command line:

adtool get config_file

Post output to this ticket please.


#19
Updated by Stephen Benson over 6 years ago

ad_bindname=tsradmin
ad_domainname=benson-family.local
ad_netbiosname=BENSON-FAMILY
ad_basedn=DC=benson-family,DC=local
ad_binddn=tsradmin@BENSON-FAMILY.LOCAL
ad_site=
ad_dcname=tsr-dc8r2.benson-family.local
ad_dchost=tsr-dc8r2.benson-family.local
ad_dcport=389
ad_gcname=tsr-dc8r2.benson-family.local
ad_gchost=tsr-dc8r2.benson-family.local
ad_gcport=3268
ad_krbname=tsr-dc8r2.benson-family.local:88
ad_krbhost=tsr-dc8r2.benson-family.local
ad_krbport=88
ad_kpwdname=tsr-dc8r2.benson-family.local:464
ad_kpwdhost=tsr-dc8r2.benson-family.local
ad_kpwdport=464
ad_krb_realm=BENSON-FAMILY.LOCAL
ad_krb_kdc=tsr-dc8r2.benson-family.local
ad_krb_admin_server=tsr-dc8r2.benson-family.local
ad_krb_kpasswd_server=tsr-dc8r2.benson-family.local
ad_keytab_name=
ad_keytab_principal=
ad_keytab_file=
ad_timeout=60
ad_dns_timeout=60
ad_ssl=off
ad_unix_extensions=0


#20
Updated by John Hixson over 6 years ago

Stephen Benson wrote:

ad_bindname=tsradmin
ad_domainname=benson-family.local
ad_netbiosname=BENSON-FAMILY
ad_basedn=DC=benson-family,DC=local
ad_binddn=tsradmin@BENSON-FAMILY.LOCAL
ad_site=
ad_dcname=tsr-dc8r2.benson-family.local
ad_dchost=tsr-dc8r2.benson-family.local
ad_dcport=389
ad_gcname=tsr-dc8r2.benson-family.local
ad_gchost=tsr-dc8r2.benson-family.local
ad_gcport=3268
ad_krbname=tsr-dc8r2.benson-family.local:88
ad_krbhost=tsr-dc8r2.benson-family.local
ad_krbport=88
ad_kpwdname=tsr-dc8r2.benson-family.local:464
ad_kpwdhost=tsr-dc8r2.benson-family.local
ad_kpwdport=464
ad_krb_realm=BENSON-FAMILY.LOCAL
ad_krb_kdc=tsr-dc8r2.benson-family.local
ad_krb_admin_server=tsr-dc8r2.benson-family.local
ad_krb_kpasswd_server=tsr-dc8r2.benson-family.local
ad_keytab_name=
ad_keytab_principal=
ad_keytab_file=
ad_timeout=60
ad_dns_timeout=60
ad_ssl=off
ad_unix_extensions=0

Okay. Everything looks good. Can you do this:

rm -f /etc/directoryservice/ActiveDirectory/config
sh /etc/directoryservice/ActiveDirectory/ctl stop
sh /etc/directoryservice/ActiveDirectory/ctl start

Post the results here


#21
Updated by Stephen Benson over 6 years ago
File start.log added
File stop.log added

Attached logs for each command


#22
Updated by John Hixson over 6 years ago

Stephen Benson wrote:

Attached logs for each command

Even at 60 seconds, it's timing out. More commands for you to run ;-)

sqlite3 /data/freenas-v1.db "update directoryservice_activedirectory set ad_enable=1"
service ix-kerberos start
service ix-nsswitch start
service ix-kinit start
klist # you should have a kerberos ticket granting ticket

/usr/local/bin/net -k ads join benson-family.local -S tsr-dc8r2.benson-family.local -p 389
echo $? # this should be 0

I'm curious what the net ads join does. That appears to be where things are failing here.


#23
Updated by Stephen Benson over 6 years ago

freenas> /# service ix-kerberos start
freenas> /# service ix-nsswitch start
freenas> /# service ix-kinit start
freenas> /# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: tsradmin@BENSON-FAMILY.LOCAL

  Issued           Expires          Principal
Jan 7 22:36:40   Jan 8 08:36:40   krbtgt/BENSON-FAMILY.LOCAL@BENSON-FAMILY.LOCAL
freenas> /# /usr/local/bin/net -k ads join benson-family.local -S tsr-dc8r2.benson-family.local -p 389
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.
freenas> /#
#24
Updated by John Hixson over 6 years ago

Stephen Benson wrote:

freenas> /# service ix-kerberos start
freenas> /# service ix-nsswitch start
freenas> /# service ix-kinit start
freenas> /# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: tsradmin@BENSON-FAMILY.LOCAL

  Issued           Expires          Principal
Jan 7 22:36:40   Jan 8 08:36:40   krbtgt/BENSON-FAMILY.LOCAL@BENSON-FAMILY.LOCAL
freenas> /# /usr/local/bin/net -k ads join benson-family.local -S tsr-dc8r2.benson-family.local -p 389
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.
freenas> /#

I goofed. Run these commands again:

sqlite3 /data/freenas-v1.db "update directoryservice_activedirectory set ad_enable=1"
service ix-kerberos start
service ix-nsswitch start
service ix-kinit start
klist # you should have a kerberos ticket granting ticket

service ix-pre-samba start

/usr/local/bin/net -k ads join benson-family.local -S tsr-dc8r2.benson-family.local -p 389
echo $? # this should be 0


#25
Updated by Stephen Benson over 6 years ago

Worked this time..

freenas> /# sqlite3 /data/freenas-v1.db "update directoryservice_activedirectory set ad_enable=1"
freenas> /# service ix-kerberos start
freenas> /# service ix-nsswitch start
freenas> /# service ix-kinit start
freenas> /# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: tsradmin@BENSON-FAMILY.LOCAL

  Issued           Expires          Principal
Jan 7 22:36:40   Jan 8 08:36:40   krbtgt/BENSON-FAMILY.LOCAL@BENSON-FAMILY.LOCAL
freenas> /# service ix-pre-samba start
freenas> /# /usr/local/bin/net -k ads join benson-family.local -S tsr-dc8r2.benson-family.local -p 389
Using short domain name - BENSON-FAMILY
Joined 'FREENAS' to dns domain 'benson-family.local'
freenas> /# echo $?
0
freenas> /#
#26
Updated by John Hixson over 6 years ago

Stephen Benson wrote:

Worked this time..

freenas> /# sqlite3 /data/freenas-v1.db "update directoryservice_activedirectory set ad_enable=1"
freenas> /# service ix-kerberos start
freenas> /# service ix-nsswitch start
freenas> /# service ix-kinit start
freenas> /# klist
Credentials cache: FILE:/tmp/krb5cc_0
        Principal: tsradmin@BENSON-FAMILY.LOCAL

  Issued           Expires          Principal
Jan 7 22:36:40   Jan 8 08:36:40   krbtgt/BENSON-FAMILY.LOCAL@BENSON-FAMILY.LOCAL
freenas> /# service ix-pre-samba start
freenas> /# /usr/local/bin/net -k ads join benson-family.local -S tsr-dc8r2.benson-family.local -p 389
Using short domain name - BENSON-FAMILY
Joined 'FREENAS' to dns domain 'benson-family.local'
freenas> /# echo $?
0
freenas> /#

If it's working from the command line, it should be working from the UI. Can you try from the UI now? Before doing so, run this from the command line:

sh /etc/directoryservice/ActiveDirectory/ctl stop

Let me know if it works from the UI


#27
Updated by Stephen Benson over 6 years ago

Thanks John. Worked from UI as well. wbinfo -u gets usernames fine as well. All go now.

Did you find anything specific that was to blame or was it user error on my side?

I am on a test VM doing this bug fixing and I'm looking at upgrading my home server, but want to make sure it will work before I do. I tried 9.3 stable on that server last week, as I had a drive issue, but had same problem joining.

Thanks again.


#28
Updated by John Hixson over 6 years ago

Stephen Benson wrote:

Thanks John. Worked from UI as well. wbinfo -u gets usernames fine as well. All go now.

Did you find anything specific that was to blame or was it user error on my side?

The only thing that I saw was the join timing out. Once you bumped up the timeout to 60 seconds, that made everything work ;-)

I am on a test VM doing this bug fixing and I'm looking at upgrading my home server, but want to make sure it will work before I do. I tried 9.3 stable on that server last week, as I had a drive issue, but had same problem joining.

What problems? Was it the same issue? Have you tried to bump up the timeouts to 60 seconds on that too?

Thanks again.


#29
Updated by Stephen Benson over 6 years ago

Yes I had the same issue on my production machine, reverted back to 9.2.1.7 on that. I will start a fresh VM and try again to duplicate with timeouts at 10 using simple UI settings. If it fails to start I will bump up timeouts and see if that fixes it.

Thanks again for the time.


#30
Updated by John Hixson over 6 years ago
Status changed from 15 to fixed

Stephen Benson wrote:

Yes I had the same issue on my production machine, reverted back to 9.2.1.7 on that. I will start a fresh VM and try again to duplicate with timeouts at 10 using simple UI settings. If it fails to start I will bump up timeouts and see if that fixes it.

Thanks again for the time.

No problem. Since this was a timeout issue, I'm closing this ticket out. If you have any new issues please open a new ticket ;-).


#31
Updated by Kris Moore about 5 years ago
Target version changed from Unspecified to N/A

#32
Updated by Dru Lavigne almost 4 years ago
File deleted (messages)

#33
Updated by Dru Lavigne almost 4 years ago
File deleted (debug.log)

#34
Updated by Dru Lavigne almost 4 years ago
File deleted (test.log)

#35
Updated by Dru Lavigne almost 4 years ago
File deleted (test.log)

#36
Updated by Dru Lavigne almost 4 years ago
File deleted (test.log)

#37
Updated by Dru Lavigne almost 4 years ago
File deleted (stop.log)

#38
Updated by Dru Lavigne almost 4 years ago
File deleted (start.log)
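
The values the thread verifies by hand before retrying the join (both timeouts, and the Kerberos realm against the domain name) can be checked in one pass over a key=value dump like the one in comment #19. This is an added shell example, not part of the ticket or of FreeNAS; the function names, the 60-second threshold (the value the thread settled on) and the sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example: sanity-check a key=value AD configuration dump before a join.
# MIN_TIMEOUT, get_key and check_ad_config are names chosen for this example.
MIN_TIMEOUT=60   # seconds; the value used in the thread

# get_key KEY FILE: print the value of KEY (empty if unset or absent)
get_key() {
    sed -n "s/^$1=//p" "$2" | head -n 1
}

# check_ad_config FILE: print one finding per line, return the finding count
check_ad_config() {
    cfg=$1
    findings=0
    for key in ad_timeout ad_dns_timeout; do
        val=$(get_key "$key" "$cfg")
        case $val in
            ''|*[!0-9]*)
                echo "$key: missing or not a number"
                findings=$((findings + 1)) ;;
            *)
                if [ "$val" -lt "$MIN_TIMEOUT" ]; then
                    echo "$key=$val is below $MIN_TIMEOUT seconds"
                    findings=$((findings + 1))
                fi ;;
        esac
    done
    # In the thread's dump the Kerberos realm is the upper-cased DNS domain.
    domain=$(get_key ad_domainname "$cfg" | tr '[:lower:]' '[:upper:]')
    realm=$(get_key ad_krb_realm "$cfg")
    if [ -z "$realm" ] || [ "$realm" != "$domain" ]; then
        echo "ad_krb_realm='$realm' does not match domain '$domain'"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the thread's names with both timeouts at 10 seconds.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ad_domainname=benson-family.local
ad_krb_realm=BENSON-FAMILY.LOCAL
ad_timeout=10
ad_dns_timeout=10
EOF
check_ad_config "$sample" || echo "findings: $?"
rm -f "$sample"
```

A return value of 0 means no findings; any other value is the number of lines printed.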
