11.2-U1 as a Domain Controller

Patrick M. Hausen

Hall of Famer
Joined
Nov 25, 2013
Messages
7,776
Hi all,

has anyone got this to work? I'm trying to set up a small network with two Windows PCs and the FreeNAS as the DC so users can log on to either machine and find their home directory, profile etc. on the server.

I tried this some months ago with 11.0 and the process was pretty easy at first. At least getting the DC up and running. Problem at the time was that group policies did not work at all and that's what I need for the server-based profiles and homes. So back to today. I set up network and the DC service as shown in the screenshots:
[Attached screenshots: network.png, dc.png]
First question: the documentation is really sparse here: what does "Rights, None, Mode" in the "Kerberos Realm" field mean?

I can save this configuration ok and with the DC running name resolution works. So I can use the FreeNAS (192.168.178.2) as the local resolver and it will forward requests to the local DSL router (192.168.178.1) as told.

But, as a first check - shouldn't I be able to get the DC list by a simple DNS request for $DOMAIN like so:
Code:
$ dig @192.168.178.2 effeff.lan

; <<>> DiG 9.10.6 <<>> @192.168.178.2 effeff.lan
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23542
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;effeff.lan.            IN    A

;; AUTHORITY SECTION:
.            2840    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2019012700 1800 900 604800 86400

;; Query time: 46 msec
;; SERVER: 192.168.178.2#53(192.168.178.2)
;; WHEN: Sun Jan 27 15:14:13 CET 2019
;; MSG SIZE  rcvd: 114


Neither can I resolve the DC:
Code:
$ dig @192.168.178.2 server.effeff.lan

; <<>> DiG 9.10.6 <<>> @192.168.178.2 server.effeff.lan
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53904
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;server.effeff.lan.        IN    A

;; AUTHORITY SECTION:
.            2628    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2019012700 1800 900 604800 86400

;; Query time: 52 msec
;; SERVER: 192.168.178.2#53(192.168.178.2)
;; WHEN: Sun Jan 27 15:14:44 CET 2019
;; MSG SIZE  rcvd: 121


So no wonder when I try to add the directory service, the system tells me "domain controller cannot be found" ...

Thanks for any hints,
Patrick
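
Added example, not part of the original post and not FreeNAS or Samba code: a small Python check that reads `dig` output like the two replies above and reports whether the answer came from a zone for the domain or was only forwarded upstream. The function names are hypothetical and the check is a heuristic; the SRV names listed are the standard ones an Active Directory client queries to locate a DC.

```python
import re

# Constructed sample: trimmed from the dig output quoted in the post above.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23542
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;effeff.lan.            IN    A
;; AUTHORITY SECTION:
.            2840    IN    SOA    a.root-servers.net. nstld.verisign-grs.com. 2019012700 1800 900 604800 86400
"""

def parse_dig(text):
    """Extract status, header flags, answer count and SOA owner names."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r";; flags: ([a-z ]+);", text)
    answers = re.search(r"ANSWER: (\d+)", text)
    # Resource-record lines do not start with ';'; the owner is the first field.
    soa_owners = [m.group(1).lower() for m in
                  re.finditer(r"^([^;\s]\S*)\s+\d+\s+IN\s+SOA\s", text, re.M)]
    return {
        "status": status.group(1) if status else None,
        "flags": flags.group(1).split() if flags else [],
        "answers": int(answers.group(1)) if answers else 0,
        "soa_owners": soa_owners,
    }

def served_by_zone(text, domain):
    """Heuristic: True if the reply carries the aa (authoritative answer)
    flag or an authority SOA owned by `domain` or one of its subdomains."""
    r = parse_dig(text)
    zone = domain.lower().rstrip(".") + "."
    in_zone = any(o == zone or o.endswith("." + zone) for o in r["soa_owners"])
    return "aa" in r["flags"] or in_zone

def dc_locator_names(domain):
    """SRV names an AD client looks up to find a domain controller."""
    d = domain.rstrip(".")
    return [f"_ldap._tcp.dc._msdcs.{d}", f"_kerberos._tcp.{d}", f"_ldap._tcp.{d}"]

if __name__ == "__main__":
    r = parse_dig(SAMPLE)
    print("status:", r["status"], "flags:", r["flags"], "SOA owners:", r["soa_owners"])
    if not served_by_zone(SAMPLE, "effeff.lan"):
        print("No local zone answered; the SOA belongs to:", r["soa_owners"])
    for name in dc_locator_names("effeff.lan"):
        print(f"next check: dig @192.168.178.2 {name} SRV")
```

For the sample, the authority SOA is owned by the root zone (`.`) and the `aa` flag is absent, so the reply did not come from an `effeff.lan` zone on 192.168.178.2.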
 

Patrick M. Hausen

Is there nobody using FreeNAS as an actual *NAS*? I thought running a Windows DC would be the most common configuration in a Windows desktop environment ...

I'll open a bug report ... *sigh*

This is such an essential core function, IMHO.

Patrick
 

Patrick M. Hausen

OK, installed 11.1-U7 - creation of the DC worked instantly, DNS answers in the local network as expected. I'm currently updating to 11.2-U1 to see if the correct configuration persists (which would hint at a UI bug) or the update breaks the DC (hinting at a middleware bug).

Stay tuned ;)
Patrick
 

Patrick M. Hausen

OK, sorry to say that, but I have given up. I needed a working file server solution at that office and ditched the domain controller part. Obviously Samba/FreeNAS is not a simple drop-in replacement for a Windows DC for a small office. I don't have the time currently.

Kind regards,
Patrick
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
Patrick M. Hausen said:
> OK, sorry to say that, but I have given up. I needed a working file server solution at that office and ditched the domain controller part. Obviously Samba/FreeNAS is not a simple drop-in replacement for a Windows DC for a small office. I don't have the time currently.
>
> Kind regards,
> Patrick

I put in some significant fixes / changes to 11.2-U2, but I think there's still one outstanding PR that needs to be merged into 11.2-stable (still not 100% there IMHO). I'm planning to move this role into a plugin rather than a FreeNAS service, which will allow us to decouple updates for the DC role from base OS updates.
 

Metis IT

Dabbler
Joined
Oct 10, 2016
Messages
11
Patrick M. Hausen said:
> OK, sorry to say that, but I have given up. I needed a working file server solution at that office and ditched the domain controller part. Obviously Samba/FreeNAS is not a simple drop-in replacement for a Windows DC for a small office. I don't have the time currently.
>
> Kind regards,
> Patrick

I was about to try getting a DC running with 11.2-U3. Then I found this from William on NAS-100924:

> William Grzybowski added a comment - 14/Mar/19 2:06 PM
> We are going to retire the DC service as a builtin service in FreeNAS for 11.3+ so this will be a non-issue.
> I know it's not what you would like to hear but maintaining DC on our own has been more trouble than it's worth. We plan on having it as a separate plugin instead.

@anodos So for now I suppose setting up a jail myself for the DC function is the best option? Any take on going with a FreeBSD jail vs. a Debian VM?
 