AD Faults with "conf.bindpw: Parameter is required" after some days

Rupert · February 17, 2025, 12:24pm

Hello,
I run ElectricEel-24.10.2. and I can join our Active Directory without any problems and the AD syncs and works fine. But after some days (4-5) the status changes to faulted and I get the error
conf.bindpw: Parameter is required..

I can fix this by leaving and rejoining the AD but that cant be the solution. My settings are

Enable
Use Default Domain
AD Timeout 60
DNS Timeout 10
Winbind NSS Info

and I set

Domain Name
Domain Account Name
Domain Account Password
NetBIOS Name
Kerberos Realm

everything is empy or unchecked.

I dont really know what the notification actually means and therefore dont really know where to start troubleshooting. Do you have any tips regarding that?

(Some people seem to have a similar problem but they cant join the AD at all so I don’t think that it is the same issue.)

Greetings Rupert

Rupert · February 21, 2025, 6:00pm

Hi,

i troubleshooted the problem by enabling verbose logging and checking in /var/log/middlewared.log.

The problem is on my end. Apparently TrueNas only uses the password only in the initial login and tries to authenticate with a kerberos keytab when the kerberos ticket expires. This was not set up correctly on my end, i could not authenticate with the keytab. I quick hack/fix until this is fixed in our Kerberos/AD is setting up a cronjob that runs kinit before the old ticket expires. Then TrueNas will not attempt to use the keytab.