AD/FREEIPA/FREENAS, who's up for the challenge?

Status
Not open for further replies.
Hey all,

So here is the situation: we have a Windows 2012 R2 RODC that has a one-way trust with a FreeIPA 4.3 server. I need to be able to authenticate my CIFS/SMB share on FreeNAS 9.10 with either of these using the Windows domain creds (LDAP to AD can also be used). The caveat is that the machines accessing the shares could be Windows/Linux but will NOT be joined to the Windows domain or the IPA domain.

If anyone has succeeded in accomplishing this or knows if it's even possible, please let me know. I have been working on different attempts for 4 days straight now and I am unable to meet my boss's requirement/expectations.

Thanks so much in advance.
D
 

anodos

Sambassador
iXsystems
Hey all,

So here is the situation: we have a Windows 2012 R2 RODC that has a one-way trust with a FreeIPA 4.3 server. I need to be able to authenticate my CIFS/SMB share on FreeNAS 9.10 with either of these using the Windows domain creds (LDAP to AD can also be used). The caveat is that the machines accessing the shares could be Windows/Linux but will NOT be joined to the Windows domain or the IPA domain.

If anyone has succeeded in accomplishing this or knows if it's even possible, please let me know. I have been working on different attempts for 4 days straight now and I am unable to meet my boss's requirement/expectations.

Thanks so much in advance.
D

Post /usr/local/etc/smb4.conf file and messages from /var/log/samba4/log.wb-*
 
Post /usr/local/etc/smb4.conf file and messages from /var/log/samba4/log.wb-*

Hey, thanks for the help; here are the requested files.
Code:
[global]
	server max protocol = SMB3
	encrypt passwords = yes
	dns proxy = no
	strict locking = no
	oplocks = yes
	deadtime = 15
	max log size = 51200
	max open files = 235064
	logging = file
	load printers = no
	printing = bsd
	printcap name = /dev/null
	disable spoolss = yes
	getwd cache = yes
	guest account = nobody
	map to guest = Bad User
	obey pam restrictions = yes
	directory name cache size = 0
	kernel change notify = no
	panic action = /usr/local/libexec/samba/samba-backtrace
	nsupdate command = /usr/local/bin/samba-nsupdate -g
	server string = FreeNAS Server
	ea support = yes
	store dos attributes = yes
	lm announce = yes
	hostname lookups = yes
	time server = yes
	acl allow execute always = true
	dos filemode = yes
	multicast dns register = yes
	domain logons = yes
	local master = yes
	idmap config *: backend = tdb
	idmap config *: range = 90000001-100000000
	server role = standalone
	netbios name = FREENAS_THREE
	netbios aliases = FREENAS3
	workgroup = LAB.COR
	security = user
	pid directory = /var/run/samba
	create mask = 0666
	directory mask = 0777
	client ntlmv2 auth = yes
	dos charset = CP437
	unix charset = UTF-8
	log level = 1


[test]
	path = /mnt/Freenaas_three
	printable = no
	veto files = /.snapshot/.windows/.mac/.zfs/
	writeable = yes
	browseable = yes
	vfs objects = zfs_space zfsacl aio_pthread
	hide dot files = yes
	guest ok = no
	nfs4:mode = special
	nfs4:acedup = merge
	nfs4:chown = true
	zfsacl:acesort = dontcare

---------------------------------------------------------------------------------------------------------
Code:
/var/log/samba4/log.wb-
[2016/10/25 13:15:22.689880,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2016/10/25 13:28:20.032101,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2016/10/25 13:47:30.313667,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2016/10/26 07:43:25.954064,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2016/10/26 07:45:04.384433,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2016/10/27 09:42:10.180808,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2016/10/27 10:59:20.791537,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2016/10/27 13:08:42.302964,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2016/10/27 13:11:12.737909,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2016/10/27 13:17:36.851867,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
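The smb4.conf and winbind log posted above carry the answer to the original question, and a small script makes that visible. The following is an added example, written for this thread; it is not code from the post, from FreeNAS or from Samba. It parses the authentication-relevant keys of the posted [global] section (values copied from the post into a constructed sample, with the rest of the config omitted) and reports whether the server can validate domain credentials at all, then parses a couple of the posted log.wb lines to show that winbindd only ever logs being terminated, never a failed domain lookup. The set of keys it checks (server role, security, realm, per-domain idmap entries) is this example's own choice of what matters for domain authentication, not an exhaustive Samba validator; testparm remains the authoritative checker.

```python
import re

# Constructed sample input: the authentication-relevant keys of the [global]
# section from the post (values copied from it; everything else left out).
SMB4_CONF = """\
[global]
    server role = standalone
    security = user
    workgroup = LAB.COR
    netbios name = FREENAS_THREE
    idmap config *: backend = tdb
    idmap config *: range = 90000001-100000000

[test]
    path = /mnt/Freenaas_three
    guest ok = no
"""

# Constructed sample: two of the posted log.wb lines, in Samba's log format.
WINBIND_LOG = """\
[2016/10/25 13:15:22.689880,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
[2016/10/25 13:28:20.032101,  0] ../source3/winbindd/winbindd.c:271(winbindd_sig_term_handler)
  Got sig[15] terminate (is_parent=0)
"""

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]$")
# Samba log header: [YYYY/MM/DD HH:MM:SS.usec, level] file:line(function)
LOG_HEADER_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(?P<level>\d+)\]\s+(?P<where>\S+)$"
)


def parse_smb_conf(text):
    """Parse smb.conf-style text into {section: {key: value}} with lower-cased keys."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # stray text outside a section, or not a key = value pair
        key, _, value = line.partition("=")
        sections[current][key.strip().lower()] = value.strip()
    return sections


def assess_domain_auth(sections):
    """Say whether this config forwards logons to a domain, and list what is missing."""
    g = sections.get("global", {})
    role = g.get("server role", "auto").lower()
    security = g.get("security", "user").lower()
    realm = g.get("realm")
    # Per-domain idmap entries look like "idmap config LAB: backend"; the "*"
    # entry is only the fallback range for SIDs no domain-specific backend claims.
    domain_idmaps = [k for k in g if k.startswith("idmap config")
                     and not k.startswith("idmap config *")]
    findings = []
    if role.startswith("standalone") or (role == "auto" and security == "user"):
        findings.append("server role/security select a standalone server: passwords are "
                        "checked against the local passdb only and never sent to a DC")
    if security in ("ads", "domain") or role.startswith("member") \
            or role == "active directory domain controller":
        mode = "domain"
    else:
        mode = "standalone"
    if mode == "domain" and security == "ads" and not realm:
        findings.append("security = ads needs 'realm' set to the AD Kerberos realm")
    if mode == "domain" and not domain_idmaps:
        findings.append("no 'idmap config <DOMAIN>:' entries: domain SIDs would fall into "
                        "the '*' tdb range and be allocated on first sight, not reproducibly")
    return {"mode": mode, "findings": findings}


def parse_winbind_log(text):
    """Return (timestamp, level, location, message) tuples from Samba log text."""
    entries = []
    header = None
    for line in text.splitlines():
        m = LOG_HEADER_RE.match(line)
        if m:
            header = (m.group("ts"), int(m.group("level")), m.group("where"))
        elif header and line.startswith("  "):  # message lines are indented
            entries.append(header + (line.strip(),))
            header = None
    return entries


def count_by_message(entries):
    """Histogram of log messages, to see at a glance what winbindd is reporting."""
    counts = {}
    for _, _, _, msg in entries:
        counts[msg] = counts.get(msg, 0) + 1
    return counts


if __name__ == "__main__":
    verdict = assess_domain_auth(parse_smb_conf(SMB4_CONF))
    print("auth mode:", verdict["mode"])
    for finding in verdict["findings"]:
        print(" -", finding)
    for msg, n in count_by_message(parse_winbind_log(WINBIND_LOG)).items():
        print(f"{n}x {msg}")
```

On the posted config the script reports mode "standalone" with one finding: with server role = standalone and security = user, smbd consults only its local password database, so no Windows-domain credential can ever succeed regardless of the AD/IPA trust. The log parser confirms the same picture from the other side: every entry is winbindd receiving SIGTERM when the service is restarted, which is what you would expect from a server that was never joined and never asked winbind to look anything up.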
 
Well, I managed to get it 90% working; the only problem now is that I can't point it to an RODC. If I point it to a writable DC it works fine. The issue is that every time the Active Directory service is stopped it leaves the domain and has to rejoin it every time. Why does it behave this way, and is there any way we could have it reconnect to the existing account?
 