[SOLVED] Lost AD (Active Directory) server and trying to rejoin

Brief description of the problem

I lost my AD server and created a fresh new one. When I came back to the Rockstor server, AD is not working. I get everything connected/authenticated and I can even see the Rockstor server in AD. The problem is that I cannot seem to get the user/groups to update with the AD, so I am unable to apply proper AD perms to my shares.

Any ideas?

Detailed step by step instructions to reproduce the problem

  1. Set up AD
  2. Join Rockstor to AD
  3. Destroy AD server
  4. Recreate AD server
  5. Join Rockstor server back to AD server through GUI.
1 Like

Hi @bennysp Ben and Welcome to Rockstor!

Some shell steps to check your current AD join:

  • net ads testjoin -> this should return Join is OK
  • net ads info -> will return AD DC info to check if you’re on the right server
  • net ads user -U AD_ADMINISTRATOR -> with your AD Admin instead of AD_ADMINISTRATOR; will ask for the password and return the AD users list

Waiting for your feedback
Mirko

Thanks Mirko.

Looks like everything passed in those commands:

[root@fileserv ~]# net ads testjoin
Join is OK
[root@fileserv ~]# net ads info
LDAP server: 192.168.5.138
LDAP server name: DOMAINSERV01.domain.thedaily.tv
Realm: DOMAIN.THEDAILY.TV
Bind Path: dc=DOMAIN,dc=THEDAILY,dc=TV
LDAP port: 389
Server time: Sun, 23 Apr 2017 11:53:11 PDT
KDC server: 192.168.5.138
Server time offset: 0
Last machine account password change: Sun, 23 Apr 2017 09:19:46 PDT
[root@fileserv ~]# net ads user -U administrator
Enter administrator's password:
[list of users]

I should note that the user and group list has retained one of my users and groups that I started to use for perms when the first AD server was set up and working. I cannot figure out how to remove the user or group.

I went into my AD server and mapped the ID of the ones that were still in the Rockstor configuration and I am back working now.

1 Like

Hi @bennysp,
one last question: did you use the same AD names? If your answer is “yes” then probably you just had to wait till the winbind/samba cache updates (or force it by stopping smb & winbind, clearing the samba cache with net cache flush + deleting .tdb files, then starting smb & winbind again)

Can we mark this as solved?

Mirko

2 Likes
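
The cache reset described in the post above, as an added example that is not part of the original thread. It assumes systemd units named smb and winbind and a Samba state directory passed as the first argument (for example /var/lib/samba); it narrows "deleting .tdb files" to an allow-list of cache databases and moves them aside instead of deleting them, so the machine account secret and the ID mappings survive.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: commands are printed.
# Set APPLY=1 and run as root to execute them.
# Assumptions: systemd units "smb" and "winbind"; Samba state under the
# directory given as $1 (for example /var/lib/samba); backup directory in $2.

# Execute a command when APPLY=1, otherwise print it.
run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# List only the cache databases that Samba rebuilds on its own.
# Deliberately left alone: secrets.tdb (machine account password, needed for
# the join), winbindd_idmap.tdb (SID-to-UID/GID allocations that file
# ownership on the shares depends on), registry.tdb, passdb.tdb, share_info.tdb.
cache_files() {
    find "$1" -type f \( -name 'winbindd_cache.tdb' \
        -o -name 'netsamlogon_cache.tdb' \
        -o -name 'gencache*.tdb' \) | sort
}

# Stop services, flush the cache, move cache files aside, start, verify.
reset_winbind_cache() {
    samba_dir="$1"
    backup_dir="${2:-/root/samba-tdb-backup}"
    run systemctl stop smb winbind
    run net cache flush
    run mkdir -p "$backup_dir"
    cache_files "$samba_dir" | while IFS= read -r f; do
        run mv "$f" "$backup_dir/"
    done
    run systemctl start smb winbind
    run net ads testjoin
}

# Example: sh reset-winbind-cache.sh /var/lib/samba
if [ -n "${1:-}" ]; then reset_winbind_cache "$1" "${2:-}"; fi
```

Review the printed plan first; the final net ads testjoin should still report Join is OK because secrets.tdb was not touched.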

Hi @Flyer,

Yes, I used the same names. Thanks for the information. That was exactly the kind of thing I was looking for. My guess is that would have worked in this scenario too, I just didn’t know the specifics of doing so.

Yes, we can mark as resolved. Thank you for your help!

Ben

1 Like

Just a small note:

  • Leave the AD on the local machine
  • Restart all samba services (smb, winbind, etc) or reboot the machine
  • Join the AD again

should get around the duplicated problem.