Active Directory not Joining on TrueNAS Scale 24.10 RC2

Hi all,

I had the OS of my Storage on a USB-Stick (TrueNAS 2023.?) and had to reinstall, so I tried TrueNAS Scale 24.04 first, but the installer threw some errors on my machine (HPE DL380p Gen8, 25 SFF) so I decided (I was in a rush to get the data back online) to try the TrueNAS Scale 24.10.RC2 Installer (which worked without problems).

After Re-Importing my Storage-Pools (Everything is back), I had to rejoin the host to Active Directory, and here my demise begins: I added all the necessary info (after deleting the old AD-Entry for the host) and only get a stupid:

Error: bindpw
Parameter is required.

One funny thing is, the host gets created in AD, but TrueNAS thinks it doesn’t work.

Maybe anyone has a clue.

I already checked time (NTP to AD-Controllers is active) and DNS (DNS-Controllers). To prevent Firewall issues, I moved the system in the same network, so there is no external firewall preventing correct operations.

System-Info:
OS Version: TrueNAS-SCALE-24.10-RC.2
Product: ProLiant DL380p Gen8
Model: Intel(R) Xeon(R) CPU E5-2650 0 @ 2.00GHz
Memory: 252 GiB
System Serial: CZ24482ZY6

Many thanks in advance!

24.10.0 fixes race where if you have multiple DCs the system kerberos library could race sysvol replication for the newly-created machine account causing us to fail in an unexpected way.

Hmm, thanks. We really have three domain controllers. So best solution is to wait for final release? Or is there a possibility to test this? At least I don’t need to doubt my admin skills. Again Thanks!

If it’s the same issue I have seen then after the initial join fails I disable the AD join and re-enable and that works.

Continuing the discussion from Active Directory not Joining on TrueNAS Scale 24.10 RC2:

Hi, after waiting for the now stable 24.10 release and updating, I still see the same problem. I tried it with two different systems (one updated from RC2 and one from a newer daily) and both show the same bindpw error as before. Please help!

@Johnny_Fartpants
After the error AD is still disabled, there is nothing to disable and try again, you can just try again (before: delete AD-entry in Domain, delete the kerberos realm and keytab in directory settings / advanced settings).

I re-checked that hostname and NETBIOS name are the same and that the reverse DNS matches the host record. → all OK

Cheers

So what I meant was to simply go back into ‘Active Directory Settings’ uncheck enable, save and then recheck enable and save. When I had historic issues with SCALE and AD this worked for me.

I’ve just tried a new AD join with 24.10.0 and I can confirm the join is working fine in my setup.

The only changes I made outside of configuring my network interface was to set the timezone accordingly and my nameservers.

Create a pool.

AD config was checks in:

Enable (requires password for Kerberos principal)
Use Default Domain
Allow DNS Updates
Disable AD User / Group Cache (mine is BIG :wink: )

Set the NetBios name to match my object in AD.
Enter the domain name.
Enter admin credentials (ensuring they have control over the object in AD).

I'm on 24.10.0 TrueNAS Scale. I'm experiencing the exact same issues joining an AD.
Error: bindpw
middlewared.service_exception.ValidationErrors: [EINVAL] conf.bindpw: Parameter is required.

This is through the GUI

Error: Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/middlewared/job.py", line 488, in run
    await self.future
  File "/usr/lib/python3/dist-packages/middlewared/job.py", line 533, in __run_body
    rv = await self.method(*args)
         ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/schema/processor.py", line 179, in nf
    return await func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/schema/processor.py", line 49, in nf
    res = await f(*args, **kwargs)
          ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/plugins/activedirectory.py", line 576, in do_update
    raise e
  File "/usr/lib/python3/dist-packages/middlewared/plugins/activedirectory.py", line 565, in do_update
    await self.__start(job)
  File "/usr/lib/python3/dist-packages/middlewared/plugins/activedirectory.py", line 613, in __start
    cache_job_id = await self.middleware.call('directoryservices.connection.activate')
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1626, in call
    return await self._call(
           ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1468, in call
    return await self.run_in_executor(prepared_call.executor, methodobj, *prepared_call.args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1361, in run_in_executor
    return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/plugins/directoryservices/join.py", line 46, in activate
    self.ad_activate()
  File "/usr/lib/python3/dist-packages/middlewared/plugins/directoryservices/activedirectory_join_mixin.py", line 38, in _ad_activate
    self.middleware.call_sync('kerberos.start')
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1651, in call_sync
    return self.run_coroutine(methodobj(*prepared_call.args))
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/main.py", line 1691, in run_coroutine
    return fut.result()
           ^^^^^^^^^^^^
  File "/usr/lib/python3.11/concurrent/futures/_base.py", line 449, in result
    return self.__get_result()
           ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/concurrent/futures/_base.py", line 401, in __get_result
    raise self._exception
  File "/usr/lib/python3/dist-packages/middlewared/plugins/kerberos.py", line 563, in start
    cred = await asyncio.wait_for(self.middleware.create_task(self._kinit()), timeout=kinit_timeout)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/asyncio/tasks.py", line 479, in wait_for
    return fut.result()
           ^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/plugins/kerberos.py", line 514, in _kinit
    cred = await self.get_cred(payload)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/schema/processor.py", line 179, in nf
    return await func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/middlewared/plugins/kerberos.py", line 309, in get_cred
    verrors.check()
  File "/usr/lib/python3/dist-packages/middlewared/service_exception.py", line 72, in check
    raise self
middlewared.service_exception.ValidationErrors: [EINVAL] conf.bindpw: Parameter is required.

Updated to:
ElectricEel-24.10.0.2

no change. Still the same :frowning:

Anyone HELP?!?

still the same at:
ElectricEel-24.10.1-MASTER-20241111-040152

Does your join account have full control over the object in AD?

Hi,

Yes, my user is full dom-admin and is allowed to do everything. It works now on the patchlevel above.

I needed to clean up the old AD-Join on the TrueNAS shell:

midclt call activedirectory.leave '{"username": "myusername", "password": "mypassword"}'

username and password are keys and should stay as in this line. Replace myusername and mypassword with the credentials you tried to join. Afterwards try again using the GUI. At least for me it seemed to work. I will try tomorrow with my second truenas system.

Cheers!
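
An added example, not part of the post above and not TrueNAS's own code: a Python wrapper around the `midclt call activedirectory.leave` command quoted in that post. It prompts for the password instead of taking it on the typed command line, where it would land in shell history, and JSON-encodes it so quotes or backslashes in the password do not break the payload. The helper names are hypothetical; only the method name and the `username`/`password` keys come from the post.

```python
#!/usr/bin/env python3
"""Run `midclt call activedirectory.leave` without typing the password inline.

Added example; helper names are hypothetical. Only the midclt method name and
the "username"/"password" keys come from the command quoted in the post.
"""
import getpass
import json
import subprocess
import sys


def build_leave_payload(username: str, password: str) -> str:
    """Return the JSON argument for activedirectory.leave.

    json.dumps escapes quotes, backslashes and non-ASCII characters, which a
    hand-typed '{"password": "..."}' string does not.
    """
    if not username or not password:
        raise ValueError("username and password are both required")
    return json.dumps({"username": username, "password": password})


def build_leave_command(username: str, password: str) -> list[str]:
    """Return argv for midclt; passing a list means no shell parses the password."""
    return ["midclt", "call", "activedirectory.leave",
            build_leave_payload(username, password)]


def main() -> int:
    username = input("AD join account: ").strip()
    # getpass reads without echo, so the password never reaches shell history.
    password = getpass.getpass("Password: ")
    # The payload is still visible in the process list while midclt runs.
    result = subprocess.run(build_leave_command(username, password),
                            capture_output=True, text=True)
    print(result.stdout or result.stderr, end="")
    return result.returncode


if __name__ == "__main__":
    sys.exit(main())
```

Run it from the TrueNAS shell as root, then retry the join from the GUI as the post describes.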

I’m having the same error on my new install of TS scale 24.10.0.2. I tried your solution above but I’m still getting the same error.