9.2.1 Beta Domain Controller Question

Status
Not open for further replies.

Jeepers183

Dabbler
Joined
Jan 28, 2014
Messages
12
So I am rather new to FreeNAS so I'm hoping I'm missing something simple.
I have a ton of experience in a Microsoft Active Directory environment so the option of running it at home was a huge plus for me (although I know 9.2.1 is still in beta so I may end up with some issues).

Now to the point: under System Settings I chose Domain Controller. On the Services tab (because it wasn't listed in the tree) I modified my directory services and set the Realm, Domain (realm without the .xxx), DNS Backend "Samba_Internal", DNS Forwarder "My router", Forest Level "2003". Then I added the corresponding domain information to my Active Directory configuration under Services in the tree. This left the Directory Services service unable to start but added Domain Controller under Services in the tree.
The strange part is if I choose Domain Controller under the tree it is blank; if I add all of my information I get a loading screen, then a statement that an error has occurred (on the first shot I received an error that was related to some Domain Controller files missing but I didn't grab a screenshot of it, I know, shame on me).

Am I to the point of a factory reset (and would I lose my shares/volumes or just the system settings), as the only backup I took was pre 9.2.1 upgrade and I had been confused and trying to set up FreeNAS as a domain controller under the Active Directory service settings?

Again, I know a beta should be for testing only, and if a restore is required I am comfortable, as FreeNAS is simply a media server for me currently and I could rebuild all settings in under an hour.

*Edit - Managed to duplicate the error I receive when I modify the domain controller from the tree.

"
Request Method: POST
Request URL: http://192.168.15.4/admin/services/domaincontroller/add/
Software Version: FreeNAS-9.2.1-BETA-b9c6b76-x64
Exception Type: IntegrityError
Exception Value:
services_domaincontroller.dc_storage may not be NULL
Exception Location: /usr/local/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py in execute, line 450
Server time: Tue, 28 Jan 2014 16:34:49 -0500
"

Edit 2 - After looking up some information about Samba I fired up the shell and decided to try setting up the domain controller manually. I had to rename my smb4.conf as it didn't like it, then received the following error about my filesystem not supporting ACLs:

ERROR(<class 'samba.provision.ProvisioningError'>): Provision failed - ProvisioningError: Your filesystem or build does not support posix ACLs, which s3fs requires. Try the mounting the filesystem with the 'acl' option.

Am I too far off in guessing this is an issue with not having an NTFS file system?
 

rm-r

Contributor
Joined
Jan 7, 2013
Messages
166
I'm no expert (at all) but you can set a dataset to have Unix or Windows ACLs - try changing the datasets you refer to in the Samba config to be Windows... just guessing here...
 

Jeepers183

Dabbler
Joined
Jan 28, 2014
Messages
12
I changed the volumes to Windows ACL, then had to use the command "samba-tool domain provision --use-rfc2307 --interactive --use-ntvfs".
This let me configure my domain settings and save without error, but now I can't start my directory services service. It keeps telling me it's unable to start and I can't figure out why.
 

rm-r

Contributor
Joined
Jan 7, 2013
Messages
166
Are there errors on the console? Or in /var/log/messages?
 

Jeepers183

Dabbler
Joined
Jan 28, 2014
Messages
12
Hopefully you know what this means...
Jan 28 20:58:27 freenas DomainController: /usr/sbin/service ix-kerberos quietstart
Jan 28 20:58:27 freenas ix-kerberos: generate_krb5_conf: krbhost=freenas.local, kpwdhost=freenas.local, domainname=XXX
Jan 28 20:58:27 freenas DomainController: /usr/sbin/service ix-nsswitch quietstart
Jan 28 20:58:27 freenas DomainController: /usr/sbin/service ix-pam quietstart
Jan 28 20:58:27 freenas DomainController: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
Jan 28 20:58:28 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /bin/rm -rf '/var/db/samba4'
Jan 28 20:58:28 freenas notifier: Traceback (most recent call last):
Jan 28 20:58:28 freenas notifier: File "/usr/local/libexec/nas/generate_smb4_conf.py", line 688, in <module>
Jan 28 20:58:28 freenas notifier: main()
Jan 28 20:58:28 freenas notifier: File "/usr/local/libexec/nas/generate_smb4_conf.py", line 655, in main
Jan 28 20:58:28 freenas notifier: smb4_setup()
Jan 28 20:58:28 freenas notifier: File "/usr/local/libexec/nas/generate_smb4_conf.py", line 645, in smb4_setup
Jan 28 20:58:28 freenas notifier: dc.dc_storage, statedir, e)
Jan 28 20:58:28 freenas notifier: AttributeError: 'DomainController' object has no attribute 'dc_storage'
Jan 28 20:58:28 freenas root: /usr/local/etc/rc.d/samba_server: WARNING: /usr/local/etc/smb4.conf is not readable.
Jan 28 20:58:28 freenas notifier: /usr/local/etc/rc.d/samba_server: WARNING: /usr/local/etc/smb4.conf is not readable.
Jan 28 20:58:31 freenas DomainController: /usr/sbin/service ix-cache quietstart &
Jan 28 20:58:32 freenas DomainController: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py stop cifs
Jan 28 20:58:33 freenas notifier: winbindd not running? (check /winbindd.pid).
Jan 28 20:58:33 freenas notifier: smbd not running? (check /smbd.pid).
Jan 28 20:58:33 freenas notifier: nmbd not running? (check /nmbd.pid).
Jan 28 20:58:33 freenas DomainController: /usr/sbin/service ix-kerberos quietstop
Jan 28 20:58:33 freenas DomainController: /usr/sbin/service ix-nsswitch quietstop
Jan 28 20:58:34 freenas DomainController: /usr/sbin/service ix-pam quietstop
Jan 28 20:58:34 freenas DomainController: /usr/sbin/service ix-cache quietstop &
Jan 28 20:58:34 freenas DomainController: /usr/sbin/service samba_server forcestop
Jan 28 20:58:34 freenas DomainController: /usr/sbin/service ix-samba start
Jan 28 20:58:35 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Jan 28 20:58:35 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Jan 28 20:58:35 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint,name
Jan 28 20:58:35 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: zfs list -H -o mountpoint
Jan 28 20:58:35 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /usr/local/bin/pdbedit -d 0 -i smbpasswd:/tmp/tmpIMkT6M -e tdbsam:/var/etc/private/passdb.tdb -s /usr/local/etc/smb4.conf
 

rm-r

Contributor
Joined
Jan 7, 2013
Messages
166
something that jumps out to me

Code:
Jan 28 20:58:28 freenas root: /usr/local/etc/rc.d/samba_server: WARNING: /usr/local/etc/smb4.conf is not readable.
Jan 28 20:58:28 freenas notifier: /usr/local/etc/rc.d/samba_server: WARNING: /usr/local/etc/smb4.conf is not readable.


If you cat the smb4.conf file does it reflect your changes? What are the permissions on this file?
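Added example, not part of the thread and not FreeNAS code: one way to triage a /var/log/messages excerpt like the one posted above. It reassembles the Python traceback that syslog split into one line per record and lists the rc.d warnings with their timestamps. The sample lines are copied from the excerpt in this thread (shortened); the function name `triage` is hypothetical.

```python
import re

# Sample lines taken from the excerpt posted in this thread (shortened).
SAMPLE = """\
Jan 28 20:58:28 freenas generate_smb4_conf.py: [common.pipesubr:58] Popen()ing: /bin/rm -rf '/var/db/samba4'
Jan 28 20:58:28 freenas notifier: Traceback (most recent call last):
Jan 28 20:58:28 freenas notifier: File "/usr/local/libexec/nas/generate_smb4_conf.py", line 688, in <module>
Jan 28 20:58:28 freenas notifier: main()
Jan 28 20:58:28 freenas notifier: File "/usr/local/libexec/nas/generate_smb4_conf.py", line 645, in smb4_setup
Jan 28 20:58:28 freenas notifier: dc.dc_storage, statedir, e)
Jan 28 20:58:28 freenas notifier: AttributeError: 'DomainController' object has no attribute 'dc_storage'
Jan 28 20:58:28 freenas root: /usr/local/etc/rc.d/samba_server: WARNING: /usr/local/etc/smb4.conf is not readable.
Jan 28 20:58:33 freenas notifier: smbd not running? (check /smbd.pid).
"""

# BSD syslog record: "<Mon DD HH:MM:SS> <host> <tag>: <message>"
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^:]+): (.*)$")
FRAME = re.compile(r'^File "([^"]+)", line (\d+), in (\S+)$')
EXC = re.compile(r"^([A-Za-z_][\w.]*(?:Error|Exception)): (.*)$")

def triage(text):
    """Return (tracebacks, warnings) found in syslog-formatted text."""
    tracebacks, warnings, open_tb = [], [], {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or non-syslog line
        stamp, _host, tag, msg = m.groups()
        if msg.startswith("Traceback (most recent call last)"):
            # Track one open traceback per syslog tag.
            open_tb[tag] = {"time": stamp, "tag": tag, "frames": []}
        elif tag in open_tb:
            frame, exc = FRAME.match(msg), EXC.match(msg)
            if frame:
                path, lineno, func = frame.groups()
                open_tb[tag]["frames"].append((path, int(lineno), func))
            elif exc:  # the exception line closes the traceback
                tb = open_tb.pop(tag)
                tb["exception"], tb["detail"] = exc.groups()
                tracebacks.append(tb)
        elif "WARNING:" in msg:
            warnings.append((stamp, tag, msg.split("WARNING:", 1)[1].strip()))
    return tracebacks, warnings

if __name__ == "__main__":
    for tb in triage(SAMPLE)[0]:
        print(tb["time"], tb["exception"], tb["detail"], "at", tb["frames"][-1])
```

On the sample it reports the AttributeError raised in smb4_setup at 20:58:28, the same second as the samba_server warning about smb4.conf.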
 

Jeepers183

Dabbler
Joined
Jan 28, 2014
Messages
12
Well I completely started over and followed the instructions from the Samba Wiki (http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO) and just joined my laptop to the domain. Now to reboot and start the actual management of the domain.

I'm not 100% sure as I'm still new to FreeNAS but it seems like there is a bug in the 9.2.1 beta that isn't letting the WebGUI talk to samba-tool. I'll let someone with more experience test and file a bug report if it is an issue. Thanks for jumping in and trying to help tho!
 

rm-r

Contributor
Joined
Jan 7, 2013
Messages
166
you are welcome - but please do log it - you seem like an excellent candidate if you know how AD should work, this is a new and exciting feature for many users.

logging a bug is very quick and simple - https://bugs.freenas.org/ - save someone else the trouble of working through the issue too

you know you should.... and want to.....
 

Jeepers183

Dabbler
Joined
Jan 28, 2014
Messages
12
Ok, ok. You talked me into it. Although I'm going to try the latest nightly release to make sure it hasn't been patched yet.
 

rm-r

Contributor
Joined
Jan 7, 2013
Messages
166
good on you - sounds like a good plan! any tips on the AD setup part too?
 

Jeepers183

Dabbler
Joined
Jan 28, 2014
Messages
12
Use Microsoft. Hahaha. Seriously tho, several of my issues were resolved after upgrading to the nightly build but I believe I screwed up some config, or sync between the WebGUI and the Samba service. I tried a factory restore and when my volumes disappeared I about had a heart attack so I restored my backup and stood up a virtual 2008 server. I may readdress this in the future but after 2 days of headaches I just want something to work properly. I also think some of the problem is my learning curve with FreeNAS so once I play with it in an environment that I know, and maybe give some time for some documentation to become available, I can give it another shot with much more knowledge.
 

tose

Cadet
Joined
Jan 29, 2014
Messages
6
Jeepers,

Just for your sanity's sake, let me add that I had almost an identical experience to yourself trying to provision a DC through the FreeNAS 9.2.1 beta WebGUI. I too was able to provision it from the command line with the same "-ntvfs" option. (only after I had fixed a broken "samba4" symlink in /var/db). I checked the smb4.conf file after that & it included all the appropriate entries for a DC. However, despite having mounted the filesystem writable prior to provisioning, the DC provisioning did not survive a reboot. Like you I acknowledge the beta status of the release & my own noobness where FreeNAS is concerned.

More than happy to kick around experiences with yourself or anyone else interested as I too am keen to get it working.
 

Jeepers183

Dabbler
Joined
Jan 28, 2014
Messages
12
I'm so happy someone else had an issue. I messaged someone who put in a bug report that was resolved with a nightly build and he hasn't had any issues since the update. I'm operating with my Microsoft Server for now until I have the sanity to try again.

With that said I would recommend upgrading to the latest nightly build; it adds a storage setting in your domain controller settings that will let you launch the service after you save the settings. This is as far as I got and I'm suspecting I may have had a DNS issue at this point but I threw in the towel and fired up a VM.

On a side note, have you joined FreeNAS to an existing domain and had issues installing plugins after?
 

tose

Cadet
Joined
Jan 29, 2014
Messages
6
Mmm. I've just this afternoon downloaded 9.2.1-RC & installed it. I assume it would contain the most recent nightly build stuff (but happy to be corrected on that). Don't want to say too much as I've only had a quick play, but the GUI still seems not to "provision" a DC for me. None of the data I save in the "Domain Controller" dialog actually "sticks". (By this I mean I can go straight back into it after saving the settings & receiving the "Domain Controller successfully updated" popup, but the settings are again blank & smb4.conf doesn't have any of the DC specific stuff either).

No, I haven't joined FreeNAS to an existing domain. My interest is in a non-M$ AD replacement. I've been happily running a Zentyal 3.2 Server with Zarafa for groupware as my own server for a while now & it's really solid. But I'm inclined towards a more NAS style "lighter-weight" solution, hence the interest in FreeNAS.
 

Jeepers183

Dabbler
Joined
Jan 28, 2014
Messages
12
I was having that problem as well. Are you doing it from the Services tab or the tree? (The tab seemed to be the one that would actually hold it, at least in the WebGUI.) And if you have the storage path you are on one of the latest builds.

Have you tried a factory reset then reconfigure everything?
 

tose

Cadet
Joined
Jan 29, 2014
Messages
6
Thanks for that. When I look via the services tab the info is there. No time now but will work on it further & let you know. Cheers
 

Jeepers183

Dabbler
Joined
Jan 28, 2014
Messages
12
Since both of us had the sync issue I'll go ahead and submit a bug report on it. I'll hold off on the deeper AD issues until one of us can verify.
 

tose

Cadet
Joined
Jan 29, 2014
Messages
6
Ok, great. I won't have much time now till the weekend. (Fri morning now, I'm in Australia) But will definitely work further on this & report back.
 

tose

Cadet
Joined
Jan 29, 2014
Messages
6
Ok, have got mine working (at least as far as joining a client to the domain & accessing shares).

I'm still perplexed by something. I'm pretty sure I had to fix that /var/db/samba4 symlink (point it at /var/db/samba) before I could provision the dc via the FreeNAS GUI. But perhaps it was the "Factory Restore" that did it, as you suggested. Anyhow, it now points to the Directory Service Storage Path as specified in the Directory Service settings dialog. I hate those little mysteries so I will redo the process when I get time to confirm.

Another thing I'm finding a little odd is that the standard AD shares like netlogon don't seem to be defined or accessible. Oh well, lots more to learn & figure out I guess.
 

eriove

Cadet
Joined
Feb 6, 2014
Messages
1
I was having that problem as well. Are you doing it from the Services tab or the tree? (The tab seemed to be the one that would actually hold it, at least in the WebGUI.) And if you have the storage path you are on one of the latest builds.

Have you tried a factory reset then reconfigure everything?

Thank you! I can confirm that you have to set "Directory Service" to "Domain Controller" on the Settings tab. Once that is done "Directory Services" are available in the Services tab and the settings stay when opening the "Directory Service Settings" dialog from the tab (still empty from the tree).

Another minor issue is that the service fails to start if you set "Realm" and "Domain" to the same name. This is most likely obvious for someone who is used to configuring domains but could be worth mentioning in the documentation/tool-tips.
 