Joining Active Directory Error

bartqn4

Hi everyone,

Im kinda new to TrueNAS and I'm working on a small proof of concept for school.

I'm stuck with one problem: When I'm trying to join my domain it gives this error:

I can ping the domain and the domain controller.

Anyone knows a fix?

anodos · Dec 9, 2021

What version is this?

bartqn4 · Dec 9, 2021

Samuel Tai · Dec 9, 2021

What's the full version? 12.0 doesn't tell us that much.

bartqn4 · Dec 9, 2021

CORE 12.0
Is that the full version name?

Samuel Tai · Dec 9, 2021

What does the version show in System Information widget in the Dashboard? We're looking for something like 12.0-U7.

bartqn4 · Dec 9, 2021

12.0-U5

Samuel Tai · Dec 9, 2021

For the domain account name, try just the account without the domain in front. It's probably prepending the domain in front of your domain\account, so of course there won't be an account matching domain\domain\account.

anodos · Dec 9, 2021

update to U7, there is a critical winbindd security vulnerability in U5, otherwise Samuel Tai is right. Later versions also have better error reporting.

bartqn4 · Dec 9, 2021

I tried that already, didn't work

bartqn4 · Dec 10, 2021

Did this, same error. Should be something with the domain account then right?

Samuel Tai · Dec 10, 2021

Are you leaving the \ in front of the account?

bartqn4 · Dec 10, 2021

Both not working, so DOMAIN\Administrator and Administrator not working

Samuel Tai · Dec 10, 2021

How is your domain set up? This smells like password authentication for Administrator has been disabled.

Also, have you looked at the manual? https://www.truenas.com/docs/core/directoryservices/activedirectory/

You've already stated DNS is working. How about NTP? Are you sync'ed to the DC? Are you using the NetBIOS domain or the DNS domain for your forest?

bartqn4 · Dec 10, 2021

Yes, NTP is enabled. I think I'm using the DNS domain.
How do I check password authentication option?

anodos · Dec 10, 2021

The particular place you're failing at is when we try to kinit to get a kerberos ticket. You can try to kinit from CLI by running command `kinit administrator@fqdn`. It might give more useful information.

bartqn4 · Dec 10, 2021

I haven't set up Kerberos or anything tho, should I do that? Kinda new to this stuff.

Samuel Tai · Dec 10, 2021

AD requires Kerberos. No wonder it's not working. You're just trying to join an ordinary domain.

bartqn4 · Dec 10, 2021

Thanks! Will try that tomorrow

anodos · Dec 10, 2021

In theory if you have properly-functioning DNS, the OS kerberos client should allow you to kinit if you specify the FQDN. This probably indicates a DNS issue. Perhaps relevant SRV records for kerberos are not able to be queried through the configured nameservers.

Active Directory Auditing Tool

Active Directory: Add a Domain Controller to PowerShell

Add a domain to the Active Directory

Add a Mapped Drive to a User Profile Using GPO

Add all users in OU to security group

Add Extension Attribute to User

ADSI Purge

Change Windows Desktop Background Using Group Policy

Checking Active Directory Domain Controller Health and Replication

Clean Up Server Metadata

CONFIGURE NTP TIME SYNC USING GROUP POLICY

Create a Group to Assign Permissions to Access Files

Create WMI Filters for the GPO

Cross Forest Resource Security

Demote or Promote Domain Controller

Determine AD forest and domain level

Disable "These files might be harmful to your computer" warning?

Disabling and Enabling Outbound Replication

Domain Controller DNS Best Practice

Domain Trust

Force reinstall of applications deployed by software GPO after uninstall

Get Password Info

How To Add Local Administrators via GPO (Group Policy)

How to Audit User Account Changes in Active Directory

How to Change the Default Lock Screen Image using GPO

How to create and manage the Central Store for Group Policy Administrative Templates in Windows

How to Disable NTLM Authentication in Windows Domain

How to Export Active Directory Users to CSV and Build Reports

How to find the source of failed logon attempts

How To Fix Group Policy: Error Windows could not determine if the user and computer accounts are in the same forest

How to install and configure Microsoft LAPS

How to Remove (Demote) a Domain Controller in Active Directory

How to Remove (Demote) a Domain Controller in Active Directory

How to store BitLocker keys in Active Directory

Joining Active Directory Error

Keytab file

LAPS_OperationsGuide

Migrate user domain profile from one domain to another domain

Modify Group Policy's refresh interval

Move FSMO Roles

Move-ADDirectoryServerOperationMasterRole

Netlogon Logging

Powershell export AD users in OU to CSV

Rejoining an "untrusted" workstation and primary domain

Rename Domain

repadmin

Repairing Broken Trust Relationship Between Workstation and AD Domain

Restore Default Domain Policy

Securing Active Directory: Who can add computers to the domain? Only the domain admin?

Security Groups

Step-By-Step: Manually Removing A Domain Controller Server

USER PROFILES AND USER FOLDERS REDIRECTION USING GPO

Using NTDSUTIL Metada Cleanup to Remove a Failed/Offline Domain Controller Object.

Wrong error message for missing .adml files

Transferring/Seizing FSMO Roles to Another Domain Controller

Raise domain and forest functional levels in Active Directory Domain Services

7zip Command Line

Add user to Administrators Group

Choice Command

CMD Line Admin

CMD Line Registry Delete

Configure TCP/IP from the Command Prompt

DNS Change Via CMD Line

Enable Remote Desktop Via Command Line

Hyper-V

Invalid H:\ Drive

Network Share Folder

Remote GPResult

Run Commands

Test if Computer is Azure Joined

Windows Activation Post Azurre Migration

Windows S.M.A.R.T Check

Check Installed Drive Type

Check type of computer

Change power settings

Clear DFS Problems

DFS Backlog Check

DFS Checker

DFS Checker client install and setup

DFS Checker Configuration Settings