Active Directory join fails with [ENOENT] KEYRING:persistent:0: Credentials cache does not exist

After the upgrade to 25.04, my Active Directory connection has been failing. After trying to reset the configuration by disabling AD on TrueNAS, then deleting the computer object in AD (and waiting for that to replicate), I re-enable AD and enter the admin password again. After the "waiting for replication" message sits for a while, I get the error "[ENOENT] KEYRING:persistent:0: Credentials cache does not exist" and the join fails. The computer object IS created, and if I just hit save again, it's now connected.

But then a few hours later I get the error "[EINVAL] conf.bindpw: Parameter is required. ." and the AD connection is faulted. I have to disable AD, then re-enable it and re-enter the admin password, and it's OK again for a few hours. Under Advanced Settings, the Kerberos Principal is still blank, and setting it to TRUENAS$@domain.tld (like it was always set prior to the 25.04 upgrade) gives the error "Kerberos principal credentials are no longer valid. Rejoining active directory may be required." I can still set the Kerberos Principal to nothing, enter the admin password again, and then it connects for a few hours until the bindpw required error comes again.

It seems like the credential cache is bad, but I'm not sure. I've pressed the rebuild cache button many times, but no change at all. Is there some way to completely clear out the AD settings from the CLI and restart it all or something?

I believe I have this fixed now. I wasn’t using the Leave Domain button on the TrueNAS gui. After using that, it seems to have cleared out the cache causing problems, and it looks back to normal now.

I've been struggling with the exact same thing on one of my TrueNAS servers. Everything you mentioned (including leaving the domain) has been tried. I never had AD issues when I was on 24. Let me know if this solves your issues long(er) term. I'm at my wits' end. I've even deleted the object in AD, pushed replication, deleted it in DNS and changed the hostname. This seems to have worked for a longer period of time, but the issue comes back.

Same issue. Tried to leave and rejoin. No error on rejoin, but the error appears again after an hour or two. Worked fine before the update and my environment hasn't changed. Sure it's related to the update.

Fully leaving the domain, so the Idmap and Kerberos realm info is removed under Advanced Settings, and then rejoining did fix my issue. It's been solid now for over a week.
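For anyone who wants to see what state the box is actually in before leaving and rejoining, here is an added POSIX sh diagnostic (not TrueNAS's own code, not from any poster in this thread). It checks the three things the errors above point at: whether the KEYRING:persistent:0 credential cache can be read at all, whether it holds a TGT for the realm, and whether /etc/krb5.keytab still carries the machine-account principal so that `kinit -k` can refresh it without an admin password. The principal TRUENAS$@DOMAIN.TLD and the realm are assumptions standing in for your own values; the `klist` output in the SAMPLE_* variables is constructed so the parsing functions can be exercised offline. Run it with `--live` on the server itself to query the real cache and keytab.

```sh
#!/bin/sh
# Added diagnostic for the failure mode in this thread (not TrueNAS code).
# Assumed names: machine principal TRUENAS$@DOMAIN.TLD, realm DOMAIN.TLD.

# Print the "Default principal:" line from `klist -c <ccache>` output.
# Prints nothing when the cache could not be read.
ccache_principal() {
    printf '%s\n' "$1" | sed -n 's/^Default principal: *//p'
}

# Classify `klist -c` output for a realm: missing | no-tgt | ok
# MIT Kerberos reports an absent keyring cache as "... not found";
# TrueNAS middleware surfaces the same condition as "does not exist".
ccache_state() {
    _out="$1"; _realm="$2"
    case "$_out" in
        *"not found"*|*"does not exist"*|*"No credentials cache"*) echo missing; return 0 ;;
    esac
    if printf '%s\n' "$_out" | grep -qF "krbtgt/$_realm@$_realm"; then
        echo ok
    else
        echo no-tgt
    fi
}

# Does `klist -k` output list the expected principal (any KVNO)?
# The first three lines of `klist -k` are the keytab name and table header.
keytab_has_principal() {
    printf '%s\n' "$1" | awk -v p="$2" 'NR>3 && $2==p {found=1} END {exit !found}'
}

# Live check against the real cache and keytab (needs klist/kinit on PATH).
# A failing `kinit -k` here is the condition behind the GUI message
# "Kerberos principal credentials are no longer valid".
live_check() {
    _cc="$1"; _princ="$2"; _realm="${_princ#*@}"
    _out=$(klist -c "$_cc" 2>&1) || true
    echo "ccache $_cc: $(ccache_state "$_out" "$_realm")"
    if keytab_has_principal "$(klist -k 2>&1)" "$_princ"; then
        echo "keytab: has $_princ"
        if kinit -k -c "$_cc" "$_princ" 2>/dev/null; then
            echo "kinit -k: ok (machine account password still valid)"
        else
            echo "kinit -k: FAILED (keytab stale; leave and rejoin the domain)"
        fi
    else
        echo "keytab: missing $_princ"
    fi
}

# Constructed sample output used for offline checks (not captured from a real host).
SAMPLE_MISSING="klist: Credentials cache keyring 'persistent:0' not found"
SAMPLE_OK="Ticket cache: KEYRING:persistent:0
Default principal: TRUENAS\$@DOMAIN.TLD

Valid starting     Expires            Service principal
01/15/25 10:00:00  01/15/25 20:00:00  krbtgt/DOMAIN.TLD@DOMAIN.TLD"
SAMPLE_KEYTAB="Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
   5 TRUENAS\$@DOMAIN.TLD
   5 host/truenas.domain.tld@DOMAIN.TLD"

if [ "${1:-}" = "--live" ]; then
    live_check "${2:-KEYRING:persistent:0}" "${3:-TRUENAS\$@DOMAIN.TLD}"
fi
```

`ccache_state` reporting `missing` is the [ENOENT] in the first post; `keytab: has ...` together with a failed `kinit -k` is the situation where the principal is still in the keytab but the password it holds no longer matches the computer object, which is exactly what a full leave and rejoin resets.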

I did the same and fingers crossed, it’s been ok for about a day now. What’s weird is after removing the previous host (name) from AD completely and rejoining under a new host name, it was ok for about a week. Then, I had to reboot my DC and this created the chain of events. I’d hate to think that every time the DC/AD reboots, this happens. I never had any issues when running 24 (I’ve been running TrueNAS since the FreeNAS days).

1 Like