Active Directory setup issues

Brand new install of TrueNAS. Version 25.04.1 (community edition).
When I go over to Credentials → Directory Services, I’ll click on Configure Active Directory. Input my domain name (which is called “domain or arms.internal”), domain account name, and password, NetBIOS name defaults to TRUENAS. Click enable. Click Save - I get this error:

No server IP addresses passed DNS validation. This may indicate an improperly configured reverse zone. Review middleware log files for details regarding errors encountered.

Any idea what this means? And where are middleware logs?
No server IP addresses pass DNS validation. What??

I’m totally stuck here. Brand new install. My storage/datasets/shares are all setup. I just can’t join this nas to my AD.

My AD server is a Dell server running Windows Server 2016. I have about 3 computers out of the entire office connected to this AD server.

Is this a domain’s administrator account? It must be it, to join the domain.

Yes. I’m using the domain administrator and password.

Have you configured your domain controllers as nameservers in TrueNAS (and only domain controllers as nameservers)? Does your AD DNS have reverse zone configured for the network in which TrueNAS is located?

This is not strictly true. So long as the AD account being used to join has control over the object (if first created in AD) then that should work also.


I had similar issues when I tried joining to the domain. It kept throwing various errors like no reverse zone setup even though it was, and to make sure that every DNS server configured was an Active Directory server, which it already was.

It felt like it was just picking errors from a big bowl and doing a raffle draw.
If the computer account and/or dynamic DNS entry exists in your AD domain, delete them and let TrueNAS recreate those objects. It took many attempts for me but it finally worked and it is still working.

One thing that is wrong is the tooltip text for the Site Name field. It currently says:

Help: Site Name
Enter the relative distinguished name of the site object in the Active Directory.

In previous versions I remember that was correct, but it isn’t the case anymore. You can simply enter the name of your AD site, not the whole DN.

You can leave the Computer Account OU blank. Almost all options you see configured on the Advanced screen are automatically populated once the join is successful.

Here is a screenshot of my settings:

Apparently I cannot embed media items in this post, so here’s the link:
Apparently I cannot even post a link to my screenshot. I’m out of fuckin ideas.

You can try verifying connectivity with the DC using the wbinfo CLI tool:

  1. Checking Users and Groups:
  • wbinfo -u: Lists all Active Directory users.
  • wbinfo -g: Lists all Active Directory groups.
  2. Checking Domain Information:
  • wbinfo -m: Displays the Active Directory domains to which the system is connected.
  3. Testing Connection:
  • wbinfo -t: Tests the connection to the Active Directory domain. This command verifies if TrueNAS can communicate with the domain controller.
  4. Verifying Name Resolution:
  • ping <domain_controller_hostname>: Checks basic network connectivity to the domain controller.
  • dig -t srv _ldap._tcp.<domain_name>.com: Checks for SRV records related to LDAP, verifying DNS resolution for Active Directory services.
  5. Accessing the TrueNAS CLI:
  • Navigate to System Settings > Shell in the TrueNAS web UI.
  • Enter cli at the system prompt and press Enter to access the TrueNAS command line interface.

Example:

  1. Open the TrueNAS web interface and go to System Settings > Shell.
  2. Type cli and press Enter to access the command line.
  3. Use wbinfo -t to test the connection to the domain.
  4. If the connection is successful, you can proceed to check users, groups, and domain information using wbinfo -u, wbinfo -g, and wbinfo -m respectively.
  5. Use ping and dig commands to verify name resolution and network connectivity.

Nameserver is set to 192.168.192.11 which is the IP of my domain controller/AD server.

When I open the CLI on the truenas and ping the server name (which happens to be “server”) - no reply. When I ping the IP, I get a reply.

In my edit global configuration for the network, my service announcement section - I have NetBIOS-NS, mDNS, and WD-Discovery all checked. Outbound Network is set to Allow All.

That’s not how you check reverse zone. Use dig -x, cf. man dig. Check your AD DNS and make sure you’ve configured one.
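The two posts above suggest `dig -t srv` and `dig -x` as separate manual checks. Here they are tied together in one script, as an added example that is not from the thread and not TrueNAS's own code: for every nameserver in resolv.conf it does the reverse lookup (PTR), resolves the returned name forward again and requires the original IP to come back, then checks that the nameserver is also an `_ldap._tcp` SRV target for the domain, i.e. really a domain controller. This is my approximation of what the "passed DNS validation" wording refers to, not a reproduction of the middleware's exact logic. The domain arms.internal and the DC address 192.168.192.11 are taken from the OP's posts; the function names, the use of `dig` wrappers, and the canned answers in the comments are my assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the thread or from TrueNAS. Checks whether each
# nameserver TrueNAS uses (a) has a PTR record that resolves forward back to
# the same IP and (b) is an _ldap._tcp SRV target for the AD domain.
# Assumed values: domain arms.internal, DC 192.168.192.11 (from the OP's posts).

# Resolver wrappers around dig. Redefine these three functions to feed
# canned answers when exercising the logic offline.
resolve_ptr() {   # $1 = IPv4 address -> PTR name(s), one per line, trailing dot removed
  dig +short -x "$1" | sed 's/\.$//'
}
resolve_a() {     # $1 = hostname -> A record(s), one per line
  dig +short A "$1"
}
resolve_srv() {   # $1 = domain -> SRV target hostnames for the LDAP service
  dig +short SRV "_ldap._tcp.$1" | awk '{print $4}' | sed 's/\.$//'
}

# 0 when IP -> PTR -> A round-trips back to the same IP, 1 otherwise.
# The reason for a failure goes to stderr.
check_reverse_roundtrip() {
  local ip="$1" names name a
  names=$(resolve_ptr "$ip")
  if [ -z "$names" ]; then
    echo "$ip: no PTR record (reverse zone missing or incomplete)" >&2
    return 1
  fi
  for name in $names; do
    for a in $(resolve_a "$name"); do
      [ "$a" = "$ip" ] && return 0
    done
  done
  echo "$ip: PTR -> $names, but forward lookup does not return $ip" >&2
  return 1
}

# 0 when at least one _ldap._tcp SRV target of the domain resolves to $ip,
# i.e. the nameserver is a domain controller for that domain.
check_is_dc() {
  local ip="$1" domain="$2" target a
  for target in $(resolve_srv "$domain"); do
    for a in $(resolve_a "$target"); do
      [ "$a" = "$ip" ] && return 0
    done
  done
  echo "$ip: not a target of _ldap._tcp.$domain (not a DC, or SRV records missing)" >&2
  return 1
}

# Reads nameserver lines from $2 (default /etc/resolv.conf), checks each one,
# prints OK/FAIL per server and returns the number of servers that failed.
check_nameservers() {
  local domain="$1" resolv="${2:-/etc/resolv.conf}" ns failed=0
  for ns in $(awk '/^nameserver/ {print $2}' "$resolv"); do
    if check_reverse_roundtrip "$ns" && check_is_dc "$ns" "$domain"; then
      echo "OK   $ns"
    else
      echo "FAIL $ns"
      failed=$((failed + 1))
    fi
  done
  return "$failed"
}

# Usage on the TrueNAS shell (System Settings > Shell, not the cli tool):
#   source dnscheck.sh && check_nameservers arms.internal
# A FAIL with "no PTR record" means the reverse zone for the TrueNAS subnet
# is missing in AD DNS; "not a target of _ldap._tcp" means a nameserver that
# is not a domain controller is configured.
```

Every nameserver has to pass both checks: a public resolver such as 1.1.1.1 will fail the SRV check even if it answers the forward queries, which is why the earlier advice is to list only domain controllers as nameservers.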

Didn’t you fill out the Domain field that is right under the Hostname field?
You also didn’t say what the result was when you try pinging the DC/DNS server’s fully qualified name.
Since your system is not appending the domain name to unqualified hostname lookups, I have a feeling you left that blank.

You can also add an entry into the Host Name Database field near the bottom of the same page on Global Network Configuration. Anything you add in here will take precedence over DNS if there’s a conflict, so make sure it’s good.

The syntax for that is:
<ip address> <hostname>

(you can use either a single space or tab as the whitespace between ip address and hostname)

For example your entry might look like this:
192.168.192.11 server.domain.local server

Messing with the host name database doesn’t fix anything, it just ensures a hostname/FQDN is mapped to an IP.

By the way looks like I’m able to post images now so here’s that screenshot I tried to post in my first reply:

The only thing you should need to touch on the right hand side of that image is the Site Name field (which simply accepts the exact site name, not a DN/distinguished name).