Skip to end of metadata
Go to start of metadata

Symptoms

For those who prefer to let their keyboards do the work, rather than their mouse, or are running into problems joining AD via the SoftNAS GUI, ('Ajax Timeout' errors have been known to occur) it is possible to join your SoftNAS instance to Active Directory via your command line interface.

Purpose

This article provides step by step instructions for joining your SoftNAS instance to Active Directory from within a CLI. 

Note: If an HA pairing, this process MUST be run twice, once on each node, or failover would break domain trusts.

Resolution

SSH into the SoftNAS instance in question. (Alternatively, it is possible to access the command shell from within your SoftNAS GUI, by navigating the Storage Administration pane, going to Settings, then clicking General System Settings. In the Webmin Panel that will open, expand Others, and Command Shell will be the first available option.)

Once connected with your instance (or within the internal command shell), run the following commands, to stop Samba and Winbindd services. These services must be stopped to prevent changes from being overwritten.

service sernet-samba-nmbd stop

service sernet-samba-winbindd stop

Once services have been stopped, a new Kerberos ticket-granting ticket must be added. Run the commands:

kinit

Next, run the "klist" command, which confirms the Active Directory information.

klist

Next it is time to join your instance to Active Directory. 

net ads join -U <username>

The username in question must have rights to create objects in AD and join objects to the domain. It is not case sensitive. If the above command fails, try the following:

net rpc join -U <username>

Once your instance has successfully joined Active Directory, start the Samba and Winbindd services.

service sernet-samba-nmbd start

service sernet-samba-winbindd start

Next, the various connections need to be listed at least once so the GUI can read them later.

wbinfo -t

(to see trust) 

wbinfo -m 

(to see all trust domains)

wbinfo -u

(to sync users)

wbinfo -g

(sync group os)

Remember to join both nodes of an HA cluster to AD if they are to work in unison.  Also check the Samba.conf file for any information pertaining to the AD join process, as it is a wealth of info.

Additional Information

Active Directory Configuration