Upgrade from Core 13.0-U6.2 to U6.7 has caused AD authentication failure on Windows Clients

After upgrading from Core 13.0-U6.2 to Core 13.0-U6.7 AD/SMB shares are not accessible from Windows Clients. Windows gives an authentication error as “The username or password is incorrect.”

I’ve verified all the settings per the documentation, forum and various yt vids. At the shell wbinfo -g or -u lists AD groups and users correctly.

I’ve deleted the share and recreated with the same end result.

When I set up the Share File Permissions, choosing ACL Manager, Restricted set, clicking the drop-down for either user or group selection does not list the AD users or groups. It seems that Samba is not authenticating to AD, even though it has authenticated once to pull the AD info.

Any help is appreciated.

Thanks!

Do you see your users in getent passwd and groups in getent group output? If they are absent then it most likely means you have misconfigured idmap settings on TrueNAS.

AD groups and users not displayed with those cmds. I can authenticate users from the cmd line with wbinfo. Looking at idmap settings for domain are low=1000000001 high=200000000.
SCHEMA MODE: RFC2307. Should it be SFU?

Thanks!

Nope. This 100% depends on how you configured AD (idmap_ad). If it was working before, then you should look at your old settings.
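
The symptom discussed in this thread (wbinfo lists AD accounts while getent does not) points at the idmap configuration, so one quick check is to lint the `idmap config ... : range` lines of the running Samba configuration. The script below is an added example, not part of the original thread and not TrueNAS code; the function names, the domain name EXAMPLE and the sample lines are assumptions, with the domain range taken from the low/high values quoted above. It flags ranges that are malformed, ranges whose low bound exceeds the high bound (such a range contains no IDs), and ranges that overlap between domains.

```shell
#!/bin/sh
# Added example: lint "idmap config <DOMAIN> : range = <low>-<high>" lines.
# Reads smb.conf-style text on stdin (for instance the output of testparm -s)
# and prints one finding per line; prints nothing when the ranges look sane.
check_idmap_ranges() {
  awk '
    /^[ \t]*idmap config .*:[ \t]*range[ \t]*=/ {
      line = $0
      sub(/^[ \t]*idmap config[ \t]+/, "", line)
      dom = line; sub(/[ \t]*:.*/, "", dom)      # text before the colon
      rng = line; sub(/.*=[ \t]*/, "", rng)      # text after the equals sign
      gsub(/[ \t]/, "", rng)
      n = split(rng, p, "-")
      if (n != 2 || p[1] !~ /^[0-9]+$/ || p[2] !~ /^[0-9]+$/) {
        print "MALFORMED " dom " " rng; next
      }
      if (p[1] + 0 > p[2] + 0) {                 # low above high: empty range
        print "INVERTED " dom " " rng; next
      }
      for (d in lo)                              # compare with earlier domains
        if (p[1] + 0 <= hi[d] && lo[d] <= p[2] + 0)
          print "OVERLAP " dom " " d
      lo[dom] = p[1] + 0; hi[dom] = p[2] + 0
    }
  '
}

# Constructed sample input. The EXAMPLE range uses the low/high values quoted
# in the thread; the domain name and the other lines are assumptions.
sample_conf() {
  cat <<EOF
[global]
    idmap config * : backend = tdb
    idmap config * : range = 90000001-100000000
    idmap config EXAMPLE : backend = ad
    idmap config EXAMPLE : schema_mode = rfc2307
    idmap config EXAMPLE : range = 1000000001-200000000
EOF
}

sample_conf | check_idmap_ranges
```

On a live system the same function can be fed with `testparm -s 2>/dev/null | check_idmap_ranges`.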