I’m having the same problem happnatious1 is. This is actually a brand new TrueNAS unit from ixSystems running FreeNAS 11.0U2, so it’s the latest and greatest. Just formatted this morning. This is also running a brand-new fresh install of Nethserver.
In fact I also can’t set my domain name as suggested by fausp, I have to use ad.mydomain.nz (this is in fact set as the or FreeNAS complains with “Unable to find domain controllers for mydomain.nz”). Once I have the domain set correctly, leaving the Encryption set to Off results in the error as described by happnatious, in red at the top of that same page. Setting Encryption to TLS results in a different error message: “returned a result with an error set”.
I have actually raised a bug with FreeNAS because this exception has also made Kerberos unable to start, so I’m not sure if this is actually a fundamental problem.
I’m very interested in replicating the experience you’re having, fausp, of being able to join a FreeNAS 11 box to Nethserver. I’ll try fresh with virtual machines and see if that matters.
I haven’t imported TLS cert yet, I’ll try that too.
Please realize that the DC is NOT on the IP that the Nethserver uses. It is actually on the IP of Nethserver +1
This royally screwed me over for half a day.
I have no issues at all getting Free- or TrueNAS to utilize the SAMBA4 AD running on Nethserver. I do not even require encryption atm.
If you want to make sure that you use the right IP, set your DNS server on True/FreeNAS to the Nethserver, and use **ntds-**nethserver-fqdn as the hostname.
I do have the DNS server on FreeNAS set to the Nethserver, and I’m able to ping ad.mydomain.nz and it comes back as what I set as the AD controller’s IP, and I’m also able to ping nethserver.mydomain.nz and it comes back as what I set as Nethserver’s IP.
When you say, “use ntds-nethserver-fqdn as the hostname”, I’m not clear on what you mean. Is it possible you provide screenshots of your FreeNAS config pages?
Clarifying questions: 1. What field do you mean when you say hostname? There is no such field under Directory Service > Active Directory, nor its Advanced fields. I’ve tried to follow your convention for this hostname in various fields but they’re rejected on various grounds (can’t find AD server, invalid host/port), although ad.mydomain.nz works as domain and nsdc-nethserver.ad.mydomain.nz works in the Domain Controller field, but I still get the BindSimple error with Encryption set to Off.
I am not able to atm, I will add a couple of screenshots tomorrow. I AM running the iX Systems brands of True- and FreeNAS, but I cannot imagine that will make much difference in this regard.
Ping me if I forget … time is a scarce thing and my head good for draining spaghetti.
Active Directory places restrictions on which characters are allowed in Domain and NetBIOS names, and limits the length of those names to 15 characters. If there are problems connecting to the realm, verify that your settings do not include any disallowed characters. Also, the Administrator account password cannot contain the $ character. If a $ exists in the domain administrator’s password, kinit will report a “Password Incorrect” error and ldap_bind will report an “Invalid credentials (49)” error.
I actually don’t think this is the problem - the MS documentation suggests the NetBIOS name is limited to 15 characters (which mine is definitely less than) but that the DNS hostname is OK up to bytes in length, and that the FQDN is OK up to 150+ bytes.
I’ll try anyway with an extremely short NetBIOS name and domain, but it would surprise me if all companies using Active Directory have to restrict themselves so carefully on naming their machines. I literally just named the domain after the company, and included their TLD. Company name is 7 characters, domain is 6 including the full stops.
Found another TechNet article, saying domain names are up to 64 chars.
Fully qualified domain names (FQDNs) in Active Directory cannot exceed 64 characters in total length
NetBIOS computer and domain names are limited to 15 characters.
Domain Name System (DNS) host names are limited to 24 characters.
Well, I read a little different…
FQDN of the server (host.domain.ext) can be 64 chars.
Hostname of the server can be up to 24 chars.
As usual, NetBIOS names (computer and domain) must be up to 15.
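A pre-flight check that encodes what this thread has established so far, as an added example (this is not FreeNAS or NethServer code): the DC is a separate host named nsdc-&lt;nethserver host label&gt;.&lt;ad domain&gt; with its own IP, not the NethServer IP (the trap described a few posts up), and the name limits quoted just above (NetBIOS 15, hostname 24, FQDN 64) plus the $-in-password problem from the FreeNAS docs. The set of characters rejected in NetBIOS names is an assumption taken from Microsoft’s naming conventions, and the DNS table is constructed so the script runs offline; pass the default resolver for a live lookup against the DNS server you pointed FreeNAS at.

```python
"""Pre-flight checks for joining FreeNAS 11 to a NethServer (Samba 4) AD domain.

Added example for this thread, not FreeNAS or NethServer code.  It encodes two
things the thread establishes: the DC is a separate host, nsdc-<nethserver host
label>.<ad domain>, on an IP of its own (not the NethServer IP), and the naming
limits quoted in the thread.  NETBIOS_ILLEGAL is an assumption taken from
Microsoft's NetBIOS naming rules; SAMPLE_DNS is a constructed table.
"""
import socket

NETBIOS_MAX = 15      # NetBIOS computer and domain names (thread, Microsoft docs)
HOST_LABEL_MAX = 24   # DNS host name limit as quoted in the thread
FQDN_MAX = 64         # AD FQDN total length as quoted in the thread
NETBIOS_ILLEGAL = set('\\/:*?"<>|')   # assumption: Microsoft's illegal NetBIOS characters


def check_names(ad_domain, netbios, host_label, admin_password):
    """Return a list of naming/credential problems; an empty list means OK."""
    problems = []
    if not netbios or len(netbios) > NETBIOS_MAX:
        problems.append(f"NetBIOS name {netbios!r} must be 1-{NETBIOS_MAX} characters")
    bad = sorted(NETBIOS_ILLEGAL & set(netbios))
    if bad:
        problems.append(f"NetBIOS name {netbios!r} contains illegal characters {bad}")
    if len(host_label) > HOST_LABEL_MAX:
        problems.append(f"host name {host_label!r} longer than {HOST_LABEL_MAX} characters")
    fqdn = f"{host_label}.{ad_domain}"
    if len(fqdn) > FQDN_MAX:
        problems.append(f"FQDN {fqdn!r} longer than {FQDN_MAX} characters")
    if "$" in admin_password:
        # FreeNAS docs: kinit says "Password Incorrect", ldap_bind "Invalid credentials (49)"
        problems.append("administrator password contains '$', which breaks kinit/ldap_bind")
    return problems


def expected_dc(nethserver_fqdn, ad_domain):
    """DC hostname convention from the thread: nsdc-<nethserver host label>.<ad domain>."""
    host_label = nethserver_fqdn.split(".")[0]
    return f"nsdc-{host_label}.{ad_domain}"


def check_dc_placement(ad_domain, nethserver_fqdn, resolve=socket.gethostbyname):
    """Verify the AD domain and DC resolve and that the DC is not at the NethServer IP.

    `resolve` maps a name to an IPv4 string and raises socket.gaierror on failure;
    the default does a live lookup using the DNS server this host is configured with.
    """
    problems = []
    dc = expected_dc(nethserver_fqdn, ad_domain)
    ips = {}
    for name in (nethserver_fqdn, ad_domain, dc):
        try:
            ips[name] = resolve(name)
        except socket.gaierror as exc:
            problems.append(f"{name} does not resolve ({exc}); point DNS at the NethServer")
    if len(ips) < 3:
        return problems
    if ips[dc] == ips[nethserver_fqdn]:
        problems.append(f"{dc} resolves to the NethServer IP {ips[dc]}; the DC should have its own IP")
    if ips[ad_domain] != ips[dc]:
        problems.append(f"{ad_domain} -> {ips[ad_domain]} but {dc} -> {ips[dc]}; the domain should resolve to the DC")
    return problems


# Constructed DNS table matching the thread's layout: the DC sits at NethServer IP + 1.
SAMPLE_DNS = {
    "nethserver.mydomain.nz": "192.0.2.10",
    "ad.mydomain.nz": "192.0.2.11",
    "nsdc-nethserver.ad.mydomain.nz": "192.0.2.11",
}


def sample_resolve(name):
    """Offline stand-in for socket.gethostbyname backed by SAMPLE_DNS."""
    try:
        return SAMPLE_DNS[name]
    except KeyError:
        raise socket.gaierror(f"no such host: {name}") from None


if __name__ == "__main__":
    print(check_names("ad.mydomain.nz", "AD", "freenas", "pa$$word"))
    print(check_dc_placement("ad.mydomain.nz", "nethserver.mydomain.nz", sample_resolve))
    # Using the parent domain instead of the AD subdomain, as happened earlier in the thread:
    print(check_dc_placement("mydomain.nz", "nethserver.mydomain.nz", sample_resolve))
```

Run it on the FreeNAS box (or anywhere whose resolver points at the NethServer) with the default resolver; if the second check comes back empty but the join still fails with the BindSimple error, the problem is past DNS and naming, which is what the rest of this thread is trying to pin down.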
FWIW: fresh VM install of latest FreeNAS and Nethesis, exact same behavior as outlined above using a typical domain for a company, which is, as an example, october.co.nz.
I changed two major things in the next test (doh): using Zentyal latest and tglo.af as domain, FreeNAS joined successfully.
Next I’m installing another new NethServer with tglo.af as test domain. Will let you know.
I had already built a new NethServer, ha. The touchless install is very handy. I wanted to keep the old config around anyway because I suspected it’s not the domain length, so hoping to find some other way to make this work.
I’ve now replicated this in three different configs with fresh installs of everything on two virtualization systems, XenServer and Proxmox.
FreeNAS 11 will not join my NethServer domain, no matter how short the domain is. Right now my domain is ad.tglo.af and FreeNAS is still reporting the BindSimple error.
Can I provide logs or outputs of anything in order to narrow down what’s going wrong? I feel like I’ve taken all the defaults.
And, would somebody be able to please try to replicate this, and if you can get a fresh FreeNAS 11 to join a fresh NethServer, provide the same logs/outputs?
I have a tar of the /var/log/samba directory on the container, but don’t know how to get it out of the container. The /var/log/samba directory only has an “old” directory in it on the NethServer.