truenas:stable/electriceel
← truenas:NAS-131715-24.10.0
opened 03:29PM - 10 Oct 24 UTC
This is a continuation of the fix in NAS-131697, which was determined to be insufficient for all edge cases with multi-dc setups.
During the domain join process, temporarily hard-code the KDC used by MIT kerberos to the DC with which we're communicating. This is to prevent races on sysvol replication. Once we successfully join AD we need to remove this hard-coded configuration to allow AD failover. This commit adds a retry loop for trying to start kerberos after the join attempt because there's a risk that the DC we discover via DNS hasn't received the updated computer account information.
Original PR: https://github.com/truenas/middleware/pull/14648
Jira URL: https://ixsystems.atlassian.net/browse/NAS-131715
24.10.0 fixes a race where, if you have multiple DCs, the system kerberos library could race sysvol replication for the newly-created machine account, causing us to fail in an unexpected way.