Problem joining active directory - NT_STATUS_NO_SUCH_DOMAIN

[switlikbob]

I am trying to get AD integration working, but kinit won't work without modifying the krb5.conf file manually:
kinit: krb5_get_init_creds: unable to reach any KDC in realm NJDOL.AD.DOL

I made a bunch of changes and got things to the point where I had a kerberos ticket and tried to join the AD domain, but I get errors like: kerberos_kinit_password failed client not found kerberos database and on the join, I get:failed to set machine spn. I uploaded the diagnostic log.

[switlikbob]

debug log

[switlikbob]

Forgot to mention, I had no idea that all my changes would be reverted on reboot, so things are back to how they were initially, AD service won't start.

[gcooper]

Did it work before in previous versions of FreeNAS and it doesn't now, or did it not work in general?

Also, if you need to make modifications to the base system that survive reboots, you can edit the file in /conf/base/etc/rc.d/ix-kerberos (I'm assuming that's the script you edited).

[switlikbob]

I never tried AD integration with freenas until today. I was using some configs from my linux box to make changes to the krb5.conf file as well as the smb.conf file. They seemed to get me further, but never 100%. It seems like the freenas box isn't able to talk to the active directory KDC realm for some reason. Thanks for the info on the location of the editable scripts. I was editing them right from /etc. I will get the system back to where it was earlier and then update the ticket with spn error when i try to join the AD domain.

[switlikbob]

results of attempting to join the AD domain - server and domain names changed

[switlikbob]

I got kinit and klist working. When I try to join the domain, I am still getting:
error_string : 'failed to set machine spn: Constraint violation'
domain_is_ad : 0x01 (1)
result : WERR_GENERAL_FAILURE
Failed to join domain: failed to set machine spn: Constraint violation

[switlikbob]

I just found out that the freenas server had an account in AD somehow. I removed the computer accoutn from AD, and now the kinit doesn't work:
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
ads_sasl_spnego_krb5_bind failed with: No such file or directory, calling kinit
kerberos_kinit_password: as FREENAS$@DOMAINNAME using [MEMORY:net_ads] as ccache and config var/db/samba/smb_krb5/krb5.conf.DOMAINNAME
kerberos_kinit_password FREENAS$@DOMAINNAME failed: Client not found in Kerberos database
Join to domain is not valid: Improperly formed account name
return code = -1

[switlikbob]

I did kdestroy and got kinit working again:
klist>
Credentials cache: FILE:/tmp/krb5cc_0

Principal: admin@DOMAINNAME

Issued Expires Principal

Mar 21 13:57:14 Mar 21 23:57:14 krbtgt/DOMAINANAME@DOMAINNAME

I then did:
net ads testjoin
Join is OK

But I still get this with "net ads join -U admin -d 10":
modified_config : 0x00 (0)

error_string : 'failed to set machine spn: Constraint violation'
domain_is_ad : 0x01 (1)
result : WERR_GENERAL_FAILURE

Failed to join domain: failed to set machine spn: Constraint violation
return code = -1

However, the machine shows up in Active Directory again.

wbinfo gives me:
wbinfo -u
FREENAS\root

[william]

Can you give it a shot with 8.2.0, there have been a few improvements in that matter.

Thanks

[william]

Closing for timeout.

Feel free to reopen if you have anything to add