I had the problem "[EFAULT] TrueNAS server is joined to activedirectory while lacking a configured kerberos principal"

Full error:

[EFAULT] TrueNAS server is joined to activedirectory (possibly through commands issued outside of public APIs) while lacking a configured kerberos principal, which is required maintain a stable domain connection. Disabling service.

I updated from SCALE 23.10.1 to 23.10.2

I tried following those other posts but it didn’t work:

but no luck

in the end I created a new keytab file on my windows server with

ktpass /princ administrator@example.com /pass mysupersecretpassword /mapuser EXAMPLE\Administrator /ptype KRB5_NT_PRINCIPAL /out admin.keytab

and i loaded it back to the keytab section in /ui/directoryservice/kerberoskeytabs

then instead of joining back with a password, i chose that keytab in advanced setting

Hi Could7980

I ran into the same problem, could create the keytap file on my DC. But where do I need to copy it to? The system structure of truenas scale is still a blackbox for me :-/ Can I just copy it to the target file via ssh?

Appreciate your help!


I didn’t use ssh, I used the UI

Load it at http://yourserver.local/ui/directoryservice/kerberoskeytabs

I wish in a future version there’s a way to let it forget it was ever connected to active directory and start from scratch

I did get Cloud’s Solution to work. I was confused on how to actually use the keytab file.

Wish I would have taken a screenshot to show the correct “knobs” that needed to be turned.