AD Faults with "conf.bindpw: Parameter is required" after some days

Hello,
I run ElectricEel-24.10.2 and I can join our Active Directory without any problems and the AD syncs and works fine. But after some days (4-5) the status changes to faulted and I get the error
conf.bindpw: Parameter is required..

I can fix this by leaving and rejoining the AD but that can't be the solution. My settings are

  • Enable
  • Use Default Domain
  • AD Timeout 60
  • DNS Timeout 10
  • Winbind NSS Info

and I set

  • Domain Name
  • Domain Account Name
  • Domain Account Password
  • NetBIOS Name
  • Kerberos Realm

everything is empty or unchecked.

I don't really know what the notification actually means and therefore don't really know where to start troubleshooting. Do you have any tips regarding that?

(Some people seem to have a similar problem but they can't join the AD at all so I don't think that it is the same issue.)

Greetings Rupert

Hi,

I troubleshot the problem by enabling verbose logging and checking in /var/log/middlewared.log.

The problem is on my end. Apparently TrueNAS uses the password only in the initial login and tries to authenticate with a Kerberos keytab when the Kerberos ticket expires. This was not set up correctly on my end, I could not authenticate with the keytab. A quick hack/fix until this is fixed in our Kerberos/AD is setting up a cronjob that runs kinit before the old ticket expires. Then TrueNAS will not attempt to use the keytab.

In case anyone sees this now…

This solved my issue. I too randomly started having my AD connection go to faulted status after my upgrade to Fangtooth.

  1. Disable AD services
  2. sudo rm /var/db/system/samba4/private/secrets.tdb
  3. sudo net cache flush
  4. Enable AD Services and rejoin

Are you able to talk much about in what way this wasn't set up correctly? I'm having the same issue but I don't know in what way we may be misconfigured, so I'm not sure if this is our problem.

I have seen this on normal Windows AD. IMHO it's a flaw in how they were doing things. I note there are some changes in 25.10.2 that look related, so fingers crossed.