ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    FreeNAS 9.10 Intermittent Active Directory Connection Issues

    IT Discussion
    freenas freebsd storage active directory ntp
    2
    4
    1.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      Posting on behalf of @HelloWill

      We have a FreeNAS (9.10.2) box that is connected to Windows Active Directory.

      We've been having issues such that users are unable to connect to CIFS shares. When they attempt to login, they get an "access denied" error and are prompted to re-enter credentials. The credentials entered are correct, and the user has permissions to access the shares.

      It started with one user, and we were able to replicate the problem on every computer we tested using her credentials. However, on the same machines, logging in with another user's login and password worked fine.

      Now the issue is affecting more than 1 user an becoming a big issue. It has been happening off and on for a week now.

      Originally, we discovered the time was out of sync and fixed that issue by fixing NTP and disconnecting / rejoining the FreeNAS box to the domain which fixed the issue but it seems it was temporary.

      Current error:

      [2017/02/17 09:20:39.762291,  1] ../source3/auth/auth_generic.c:127(auth3_generate_session_info_pac)
Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL)
[2017/02/17 09:20:41.168736,  1] ../source3/auth/token_util.c:430(add_local_groups)
SID S-1-5-21-1393113601-3259814849-2442191995-1246 -> getpwuid(21246) failed
[2017/02/17 09:20:41.168841,  1] ../source3/auth/auth_generic.c:127(auth3_generate_session_info_pac)
Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL)
[2017/02/17 09:20:42.361410,  1] ../source3/auth/token_util.c:430(add_local_groups)
SID S-1-5-21-1393113601-3259814849-2442191995-1246 -> getpwuid(21246) failed
[2017/02/17 09:20:42.361484,  1] ../source3/auth/auth_generic.c:127(auth3_generate_session_info_pac)
Failed to map kerberos pac to server info (NT_STATUS_UNSUCCESSFUL)
      1 Reply Last reply Reply Quote 1
      • momurdaM
        momurda
        last edited by

        Is this the same issue you posted last week?
        What is the domain level?
        Not sure if freebsd has getent
        what does
        getent group "domain\\Domain Users" or getent group "domain\\groupthataccessesshare"
        return?

        1 Reply Last reply Reply Quote 1
        • scottalanmillerS
          scottalanmiller
          last edited by

          Same system, different issue. In theory, at least.

          1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller
            last edited by

            FreeBSD does have getent.

            1 Reply Last reply Reply Quote 0
            • 1 / 1
            • First post
              Last post