Purpose

This article provides step-by-step instructions for joining your SoftNAS instance to Active Directory from within a CLI.

Note
For an HA pair, this process MUST be run twice, once on each node; otherwise failover would break domain trusts.


Symptoms

For those who prefer to let their keyboards do the work rather than their mouse, or who are running into problems joining AD via the SoftNAS GUI ('Ajax Timeout' errors have been known to occur), it is possible to join your SoftNAS instance/VM to Active Directory via your command line interface.

Resolution

  • SSH into the SoftNAS instance in question. You can also access the command shell from within your SoftNAS GUI by navigating to Settings > General System Settings in the Storage Administration pane. In the Webmin panel that opens, navigate to Others > Command Shell.
  • Once connected, run the following commands to stop the Samba and Winbindd services:

    service sernet-samba-nmbd stop
    service sernet-samba-winbindd stop

Note

These services MUST be stopped to prevent changes from being overwritten.


  • Once services have been stopped, add a new Kerberos ticket-granting ticket using the following command:

    kinit
  • Confirm the Active Directory information by running the following command:

    klist

  • Join your instance to Active Directory using the following command:

    net ads join -U <username>


  • The username in question must have rights to create objects in Active Directory and join objects to the domain. It is not case sensitive. If the above command fails, try the following command:

    net rpc join -U <username>


  • Once your instance has successfully joined Active Directory, start the Samba and Winbindd services using the following commands:

    service sernet-samba-nmbd start
    service sernet-samba-winbindd start


  • Various connections will need to be listed at least once so that the GUI can read them later. Issue the following commands:

    # To see trust:
    wbinfo -t
    # To see all trust domains:
    wbinfo -m
    # To sync users:
    wbinfo -u
    # To sync groups:
    wbinfo -g
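
The steps above as a single function, added here as an example (it is not SoftNAS tooling): it restarts the services even when the join fails, so a failed attempt does not leave nmbd and winbindd stopped. The function name `join_ad` is hypothetical; the service names and commands are the ones used in the steps above.

```bash
#!/usr/bin/env bash
# Added example, not SoftNAS tooling. join_ad is a hypothetical name; the
# service names and commands are taken from the steps in this article.
SERVICES="sernet-samba-nmbd sernet-samba-winbindd"

join_ad() {
    local user="${1:-}" rc=0 svc opt
    if [ -z "$user" ]; then
        echo "usage: join_ad <username>" >&2
        return 2
    fi

    # Stop the services so the join's changes are not overwritten.
    for svc in $SERVICES; do
        service "$svc" stop || rc=1
    done

    # Get a ticket, confirm it, then join; fall back to the RPC join.
    if [ "$rc" -eq 0 ] && kinit && klist; then
        net ads join -U "$user" || net rpc join -U "$user" || rc=1
    else
        rc=1
    fi

    # Start the services again whether or not the join succeeded.
    for svc in $SERVICES; do
        service "$svc" start || rc=1
    done

    # After a successful join, list trust, domains, users and groups once
    # so the GUI can read them later.
    if [ "$rc" -eq 0 ]; then
        for opt in -t -m -u -g; do
            wbinfo "$opt" >/dev/null || rc=1
        done
    fi

    if [ "$rc" -eq 0 ]; then
        echo "join_ad: joined and verified"
    else
        echo "join_ad: FAILED; check the output above" >&2
    fi
    return "$rc"
}
```

Source the file as root and call `join_ad <username>`; on an HA pair, run it on each node.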


Note

Remember to join both nodes of an HA cluster to Active Directory if they are to work in unison.


Info

Check the Samba.conf file for any information pertaining to the Active Directory join process.


Additional Information

Active Directory Configuration