Joining Active Directory Error https://www.truenas.com/community/threads/joining-active-directory-error.97316/ Hi everyone, Im kinda new to TrueNAS and I'm working on a small proof of concept for school. I'm stuck with one problem: When I'm trying to join my domain it gives this error: I can ping the domain and the domain controller. Anyone knows a fix? anodos Sambassador iXsystems Joined Mar 6, 2014 Messages 9,407 Dec 9, 2021 #2 What version is this? SMB Permissions Overview B bartqn4 Dabbler Joined Dec 9, 2021 Messages 10 Dec 9, 2021 #3 anodos said: What version is this? 12.0 Samuel Tai Never underestimate your own stupidity Moderator Joined Apr 24, 2020 Messages 5,357 Dec 9, 2021 #4 What's the full version? 12.0 doesn't tell us that much. Show :  13.0-U5.3 build, running since 9.3 (2015) B bartqn4 Dabbler Joined Dec 9, 2021 Messages 10 Dec 9, 2021 #5 Samuel Tai said: What's the full version? 12.0 doesn't tell us that much. CORE 12.0 Is that the full version name? Samuel Tai Never underestimate your own stupidity Moderator Joined Apr 24, 2020 Messages 5,357 Dec 9, 2021 #6 bartqn4 said: CORE 12.0 Is that the full version name? What does the version show in System Information widget in the Dashboard? We're looking for something like 12.0-U7. Show :  13.0-U5.3 build, running since 9.3 (2015) B bartqn4 Dabbler Joined Dec 9, 2021 Messages 10 Dec 9, 2021 #7 Samuel Tai said: What does the version show in System Information widget in the Dashboard? We're looking for something like 12.0-U7. 12.0-U5 Samuel Tai Never underestimate your own stupidity Moderator Joined Apr 24, 2020 Messages 5,357 Dec 9, 2021 #8 For the domain account name, try just the account without the domain in front. It's probably prepending the domain in front of your domain\account, so of course there won't be an account matching domain\domain\account. Show :  13.0-U5.3 build, running since 9.3 (2015) anodos Sambassador iXsystems Joined Mar 6, 2014 Messages 9,407 Dec 9, 2021 #9 12.0-U5 update to U7, there is a critical winbindd security vulnerability in U5, otherwise Samuel Tai is right. Later versions also have better error reporting. SMB Permissions Overview B bartqn4 Dabbler Joined Dec 9, 2021 Messages 10 Dec 9, 2021 #10 Samuel Tai said: For the domain account name, try just the account without the domain in front. It's probably prepending the domain in front of your domain\account, so of course there won't be an account matching domain\domain\account. I tried that already, didn't work B bartqn4 Dabbler Joined Dec 9, 2021 Messages 10 Dec 10, 2021 #11 anodos said: update to U7, there is a critical winbindd security vulnerability in U5, otherwise Samuel Tai is right. Later versions also have better error reporting. Did this, same error. Should be something with the domain account then right? Samuel Tai Never underestimate your own stupidity Moderator Joined Apr 24, 2020 Messages 5,357 Dec 10, 2021 #12 Are you leaving the \ in front of the account? Show :  13.0-U5.3 build, running since 9.3 (2015) B bartqn4 Dabbler Joined Dec 9, 2021 Messages 10 Dec 10, 2021 #13 Samuel Tai said: Are you leaving the \ in front of the account? Both not working, so DOMAIN\Administrator and Administrator not working Samuel Tai Never underestimate your own stupidity Moderator Joined Apr 24, 2020 Messages 5,357 Dec 10, 2021 #14 How is your domain set up? This smells like password authentication for Administrator has been disabled. Also, have you looked at the manual?  https://www.truenas.com/docs/core/directoryservices/activedirectory/ You've already stated DNS is working. How about NTP? Are you sync'ed to the DC? Are you using the NetBIOS domain or the DNS domain for your forest? Show :  13.0-U5.3 build, running since 9.3 (2015) B bartqn4 Dabbler Joined Dec 9, 2021 Messages 10 Dec 10, 2021 #15 Samuel Tai said: How is your domain set up? This smells like password authentication for Administrator has been disabled. Also, have you looked at the manual?  https://www.truenas.com/docs/core/directoryservices/activedirectory/ You've already stated DNS is working. How about NTP? Are you sync'ed to the DC? Are you using the NetBIOS domain or the DNS domain for your forest? Yes, NTP is enabled. I think I'm using the DNS domain. How do I check password authentication option? anodos Sambassador iXsystems Joined Mar 6, 2014 Messages 9,407 Dec 10, 2021 #16 The particular place you're failing at is when we try to kinit to get a kerberos ticket. You can try to kinit from CLI by running command `kinit administrator@fqdn`. It might give more useful information. SMB Permissions Overview B bartqn4 Dabbler Joined Dec 9, 2021 Messages 10 Dec 10, 2021 #17 anodos said: The particular place you're failing at is when we try to kinit to get a kerberos ticket. You can try to kinit from CLI by running command `kinit administrator@fqdn`. It might give more useful information. I haven't set up Kerberos or anything tho, should I do that? Kinda new to this stuff. Samuel Tai Never underestimate your own stupidity Moderator Joined Apr 24, 2020 Messages 5,357 Dec 10, 2021 #18 AD  requires  Kerberos. No wonder it's not working. You're just trying to join an ordinary domain. Show :  13.0-U5.3 build, running since 9.3 (2015) B bartqn4 Dabbler Joined Dec 9, 2021 Messages 10 Dec 10, 2021 #19 Samuel Tai said: AD  requires  Kerberos. No wonder it's not working. You're just trying to join an ordinary domain. Thanks! Will try that tomorrow anodos Sambassador iXsystems Joined Mar 6, 2014 Messages 9,407 Dec 10, 2021 #20 AD  requires  Kerberos. No wonder it's not working. You're just trying to join an ordinary domain. In theory if you have properly-functioning DNS, the OS kerberos client should allow you to kinit if you specify the FQDN. This probably indicates a DNS issue. Perhaps relevant SRV records for kerberos are not able to be queried through the configured nameservers. SMB Permissions Overview