Hello - trying to troubleshoot an error I keep getting on one of my 2 TrueNAS arrays, which are joined to my domain. The error I get is:
[KRB5KDC_ERR_PREAUTH_FAILED] Major (458752): No credentials were supplied, or the credentials were unavailable or inaccessible, Minor (2529638936): Preauthentication failed.
Both arrays are added to the same domain using the same credentials. I am not sure why it keeps happening. I have to essentially turn off AD, enter in the password for the AD user again and turn it back on. When the error occurs I am unable to see any of my groups or users from AD in the TrueNAS GUI, but shares are still working and it appears to still respect the permissions based on AD that are already in place. Thanks!
Can you share a screenshot of your AD config in TN?
I presume your NTP servers are the same on TN as they are in AD?
Here is my AD config. My NTP servers on TN are pointing at my domain controllers:
I am having the same issue. I disabled and deleted the Kerberos Principal keytab, then enabled AD again, and that solved the issue for one day, but it came back this morning.
I also have two systems that are connected to AD the same but the one that hasn’t had issues is still on 24.10 and the one having issues I upgraded to 25.04 about a week ago.
Both of mine are 25.04 and only 1 is having the issue. To be fair, the one not having the issue is a DR replica target and not really getting much use other than replication.
Perhaps get a bug report logged if we think it’s an issue in version 25.
I have created a bug request. Thanks!
https://ixsystems.atlassian.net/browse/NAS-135671
@artbird309 feel free to add your data to that ticket
Thanks, I have added my data to the ticket.
Hi,
I also have the same issue. I had it with version 24.10 and now have the same thing with 25.04.
It happens from time to time. I can only recover by removing the server from AD and then adding it again, but that does not always work the first time (or I have not found a consistent way to do it). When this happens, the AD users lose access to the storage.
Best regards,
Ricardo Rio