Bind to Azure Active Directory?

plsuh (Dabbler, joined Apr 26, 2019, 11 messages)
Is there a guide somewhere on how to bind my FreeNAS server to Azure AD? I'm pretty savvy with LDAP and AD and I have bound FreeNAS to a local AD domain controller before.

plsuh
I haven't tried yet, as there are several issues that I can see right from the start.
  1. As per Microsoft's documentation, I am using a self-signed wildcard certificate to protect the LDAPS connection. There doesn't seem to be any place to create a certificate trust with that self-signed cert. Heck, there doesn't seem to be a place to establish trust to a third-party CA anywhere in the UI.
  2. What other ports will be needed to connect to the AD domain controller external IP? I know that as a standard part of the AD binding process there are a number of exchanges and DNS lookups that happen for service discovery.
  3. Is there a way to specify the schema being used? Under LDAP there are mappings for rfc2307 and rfc2307bis but none for the AD schema.
Thanks for any assistance you can provide.
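An added example (not from the thread) that reproduces the first issue above in a lab and shows the openssl checks worth running before attempting the bind: it builds a constructed private CA and wildcard LDAPS certificate, confirms the chain verifies only when that CA is supplied, and checks the wildcard against a DC host name. The domain name, file paths and DC host are assumptions; the live check at the end also queries the SRV records that AD service discovery depends on.

```shell
#!/bin/sh
# Lab reproduction of the LDAPS trust problem: a private CA, a wildcard cert
# signed by it, and the openssl checks that show trust succeeding only when
# the CA is supplied. All names and files are constructed for this example.
set -e
WORK="${WORK:-$(mktemp -d)}"
DOMAIN="example.onmicrosoft.com"   # constructed placeholder for the AD DS domain

# Build the private CA and a wildcard server certificate (constructed test data).
make_test_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab Root CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=*.$DOMAIN" \
        -keyout "$WORK/ldaps.key" -out "$WORK/ldaps.csr" >/dev/null 2>&1
    printf 'subjectAltName=DNS:*.%s\n' "$DOMAIN" > "$WORK/san.cnf"
    openssl x509 -req -days 30 -in "$WORK/ldaps.csr" -CA "$WORK/ca.pem" \
        -CAkey "$WORK/ca.key" -CAcreateserial -extfile "$WORK/san.cnf" \
        -out "$WORK/ldaps.pem" >/dev/null 2>&1
}

# Chain check: succeeds only if the signing CA ($1, empty means the system
# trust store) is trusted. $2 is the server certificate.
verify_chain() {
    if [ -n "$1" ]; then
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    else
        openssl verify "$2" >/dev/null 2>&1
    fi
}

# Chain plus hostname check: the wildcard must also cover the DC name ($3).
verify_hostname() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# The same checks against a real AD DS endpoint (not run offline):
# $1 = DC host name, $2 = file holding the CA that issued the LDAPS cert.
check_live_dc() {
    # AD service discovery resolves these SRV records before any bind happens.
    host -t SRV "_ldap._tcp.dc._msdcs.$DOMAIN"
    host -t SRV "_kerberos._tcp.dc._msdcs.$DOMAIN"
    # Abort the handshake (non-zero exit) if the chain is not trusted.
    openssl s_client -connect "$1:636" -servername "$1" -CAfile "$2" \
        -verify_return_error </dev/null
}
```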

plsuh
Not really. I also tried asking on the IRC channel, and no one there had any good suggestions. I am in the process of standing up a site-to-site VPN tunnel between the Azure AD Domain Services subnet and my LAN, so that I can do a standard AD bind.

echelon5 (Explorer, joined Apr 20, 2016, 79 messages)
> Not really. I also tried asking on the IRC channel, and no one there had any good suggestions. I am in the process of standing up a site-to-site VPN tunnel between the Azure AD Domain Services subnet and my LAN, so that I can do a standard AD bind.

Any luck with this?

plsuh
Holy moly this is expensive. I'm just running it on a hobbyist/experimentation basis and the Azure AD domain + the Azure Virtual Network Gateway is running over $200 USD/month together! That's around $2500/year, just for authentication with minimal data going back and forth. I'm going to be exploring other routes to make this work.

plsuh
I have set up a local AD domain controller and I'm preparing to implement Azure AD Connect to implement sync. I'm being very cautious since it's a mostly one-way sync (local DC to cloud), although password changes can be synced back. I don't want to wipe any cloud accounts that are already established.

I'm also cross-linking to another thread on this topic, just so that people are aware of it. I would suggest that any additional posts should be to this thread, just to keep everything in one place.


bobpaul (Dabbler, joined Dec 20, 2012, 23 messages)
> Finally getting back to this, with success! I put a writeup here:

So is this right:
- VPN handled in your router or another system
- FreeNAS acts as local AD controller
- Users managed via Azure AD

Can computers still join the FreeNAS AD for local GPO management? Maybe that's silly, since I think Windows 10 Pro can directly join an Azure AD.