I lost my AD server and created a fresh new one. When I came back to Rockstor server, AD is not working. I get everything connected/authenticated and I can even see the Rockstor server in AD. The problem is that I cannot seem to get the user/groups to update with the AD, so I am unable to apply proper AD perms to my shares.
Detailed step by step instructions to reproduce the problem
Join Rockstor to AD
Destroy AD server
Recreate AD server
Join Rockstor server back to AD server through GUI.
Some shell steps to check your current AD join:
net ads testjoin -> this should return Join is OK
net ads info -> will return AD DC info to check if you’re on the right server
net ads user -U AD_ADMINISTRATOR -> with your AD Admin instead of AD_ADMINISTRATOR, will ask for password and return the AD users list
[root@fileserv ~]# net ads testjoin
Join is OK
[root@fileserv ~]# net ads info
LDAP server: 192.168.5.138
LDAP server name: DOMAINSERV01.domain.thedaily.tv
Bind Path: dc=DOMAIN,dc=THEDAILY,dc=TV
LDAP port: 389
Server time: Sun, 23 Apr 2017 11:53:11 PDT
KDC server: 192.168.5.138
Server time offset: 0
Last machine account password change: Sun, 23 Apr 2017 09:19:46 PDT
[root@fileserv ~]# net ads user -U administrator
Enter administrator's password:
[list of users]
I should note that the user and group list has retained one of my users and groups that I started to use for perms when the first AD server was set up and working. I cannot figure out how to remove the user or group.
One last question: did you use the same AD names? If your answer is “yes” then probably you just had to wait till the winbind/samba cache updates (or force it by stopping smb & winbind, clearing the samba cache with net cache flush + deleting .tdb files, then starting smb & winbind again)
Yes, I used the same names. Thanks for the information. That was exactly the kind of thing I was looking for. My guess is that would have worked in this scenario too, I just didn’t know the specifics of doing so.
Yes, we can mark as resolved. Thank you for your help!
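The cache-flush procedure suggested in the thread, as an added shell example that is not part of any original post. It assumes systemd units named smb and winbind, the state directory /var/lib/samba, and the cache file names listed in the script. It moves only regenerable caches aside and leaves secrets.tdb and winbindd_idmap.tdb in place, which is a narrower choice than the "deleting .tdb files" in the reply.

```shell
#!/usr/bin/env bash
# Added example: flush winbind/Samba caches after an AD domain was rebuilt.
# Assumptions (not from the thread): systemd units "smb" and "winbind",
# state directory /var/lib/samba, and the cache file names listed below.

SAMBA_DIR="${SAMBA_DIR:-/var/lib/samba}"
# Regenerable caches only. secrets.tdb (machine account password) and
# winbindd_idmap.tdb (SID-to-UID/GID map) are deliberately not listed.
CACHE_TDBS="gencache.tdb winbindd_cache.tdb netsamlogon_cache.tdb"

# Print the cache files that actually exist under the given directory.
list_cache_tdbs() {
    local dir="$1" name
    for name in $CACHE_TDBS; do
        [ -f "$dir/$name" ] && printf '%s\n' "$dir/$name"
    done
    return 0
}

# Move the cache files into a timestamped backup directory instead of
# deleting them outright, so the step can be undone. Prints the backup path.
quarantine_cache_tdbs() {
    local dir="$1" backup file
    backup="$dir/tdb-backup.$(date +%Y%m%d%H%M%S)"
    mkdir -p "$backup" || return 1
    list_cache_tdbs "$dir" | while IFS= read -r file; do
        mv -- "$file" "$backup/" || exit 1
    done
    printf '%s\n' "$backup"
}

# Full procedure from the thread: stop services, flush, clear caches, restart.
flush_ad_caches() {
    systemctl stop smb winbind || return 1
    net cache flush
    quarantine_cache_tdbs "$SAMBA_DIR"
    systemctl start winbind smb || return 1
    net ads testjoin && wbinfo -u   # confirm the join, then list AD users
}

# Nothing is touched unless the script is invoked with --run (as root).
if [ "${1:-}" = "--run" ]; then
    flush_ad_caches
fi
```
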