Can't fetch User/group info from the ldap server

Status
Not open for further replies.

pravat

Cadet
Joined
Jun 5, 2017
Messages
2
Hi,

Does anyone have good experience configuring FreeNAS with LDAP in a corporate environment?

Recently we purchased a FreeNAS device and are trying to configure and integrate it with the directory service (LDAP) running in our network. I have done the initial configuration for the LDAP server that is running in our network, but I ended up not being able to fetch user and group info from the directory service.


FreeNAS Version: FreeNAS-9.10.2-U4

Please help me fix this issue.

Below I have given three sets of log information.

1: Error log in FreeNAS: (/var/log/message):

Jul 13 15:22:13 freenas LDAP: /usr/sbin/service sssd onestop

Jul 13 15:22:13 freenas LDAP: /usr/sbin/service ix-sssd start

Jul 13 15:22:13 freenas LDAP: /usr/sbin/service ix-ldap forcestop

Jul 13 15:22:15 freenas LDAP: /usr/sbin/service ix-nsswitch quietstop

Jul 13 15:22:15 freenas LDAP: /usr/sbin/service ix-pam quietstop

Jul 13 15:22:15 freenas LDAP: /usr/sbin/service ix-cache quietstop &

Jul 13 15:22:16 freenas LDAP: /usr/sbin/service ix-kinit quietstop

Jul 13 15:22:24 freenas LDAP: /usr/sbin/service ix-ldap quietstart

Jul 13 15:22:30 freenas LDAP: /usr/sbin/service ix-nsswitch quietstart

Jul 13 15:22:30 freenas LDAP: /usr/sbin/service ix-sssd start

Jul 13 15:22:31 freenas LDAP: /usr/sbin/service sssd onestart

Jul 13 15:22:31 freenas LDAP: /usr/sbin/service ix-ldap status

Jul 13 15:22:31 freenas LDAP: /usr/sbin/service ix-pam quietstart

Jul 13 15:22:31 freenas LDAP: /usr/sbin/service ix-cache quietstart &

Jul 13 03:20:46 freenas alert.py: [common.pipesubr:66] Popen()ing: /usr/local/sbin/dmidecode -s system-product-name

Jul 13 03:20:46 freenas alert.py: [common.pipesubr:66] Popen()ing: /usr/local/sbin/dmidecode -s baseboard-product-name

Jul 13 16:24:35 freenas cachetool.py: [common.freenasusers:346] Directory Users could not be retrieved: {'desc': "Can't contact LDAP server"}


2: Debug log: (/var/log/debug.log):

Jul 13 16:31:07 freenas cachetool.py: [common.freenasldap:2489] FreeNAS_LDAP_Users.__get_users: enter

Jul 13 16:31:07 freenas cachetool.py: [common.freenasldap:2508] FreeNAS_LDAP_Users.__get_users: LDAP users not in cache

Jul 13 16:31:07 freenas cachetool.py: [common.freenasldap:850] FreeNAS_LDAP_Base.get_users: enter

Jul 13 16:31:07 freenas cachetool.py: [common.freenasldap:274] FreeNAS_LDAP_Directory.open: enter

Jul 13 16:31:07 freenas cachetool.py: [common.freenasldap:281] FreeNAS_LDAP_Directory.open: uri = ldap://<freeNASserver.****.***>:389

Jul 13 16:31:07 freenas cachetool.py: [common.freenasldap:284] FreeNAS_LDAP_Directory.open: initialized

Jul 13 16:31:07 freenas cachetool.py: [common.freenasldap:328] FreeNAS_LDAP_Directory.open: trying to bind

Jul 13 16:31:07 freenas cachetool.py: [common.freenasldap:229] FreeNAS_LDAP_Directory.open: (authenticated bind) trying to bind to <freeNASserver.****.***>:389

Jul 13 16:31:12 freenas cachetool.py: [common.freenasldap:330] FreeNAS_LDAP_Directory.open: binded

Jul 13 16:31:12 freenas cachetool.py: [common.freenasldap:344] FreeNAS_LDAP_Directory.open: connection open

Jul 13 16:31:12 freenas cachetool.py: [common.freenasldap:346] FreeNAS_LDAP_Directory.open: leave

Jul 13 16:31:12 freenas cachetool.py: [common.freenasldap:366] FreeNAS_LDAP_Directory._search: enter

Jul 13 16:31:12 freenas cachetool.py: [common.freenasldap:369] FreeNAS_LDAP_Directory._search: basedn = 'dc=<********>,dc=net', filter = '(&(|(objectclass=person)(objectclass=posixaccount)(objectclass=account))(uid=*))'

Jul 13 16:31:12 freenas cachetool.py: [common.freenasldap:401] FreeNAS_LDAP_Directory._search: pagesize = 1024

Jul 13 16:31:12 freenas cachetool.py: [common.freenasldap:408] FreeNAS_LDAP_Directory._search: getting page 0

Jul 13 16:34:00 freenas update_check.py: [freenasOS.Configuration:637] TryGetNetworkFile(['http://update.ixsystems.com/FreeNAS/trains.txt', 'http://update-master.ixsystems.com/FreeNAS/trains.txt'])


3: ldap config file:

+--------------------------------------------------------------------------------+

+ ldaptool get config_file @1499943659 +

+--------------------------------------------------------------------------------+

ldap_basedn=dc=<********>,dc=net

ldap_binddn="CN=<***user*****>,OU=<********>,OU=Users,OU=*****,DC=<********>,DC=net"

ldap_anonbind=0

ldap_hostname=<freeNASserver.****.***>

ldap_host=<freeNASserver.****.***>

ldap_port=389

ldap_usersuffix=

ldap_groupsuffix=

ldap_machinesuffix=

ldap_passwordsuffix=

ldap_sudosuffix=

ldap_krb_realm=

ldap_krb_kdc=

ldap_krb_admin_server=

ldap_krb_kpasswd_server=

ldap_keytab_principal=

ldap_keytab_file=

ldap_ssl=off

ldap_has_samba_schema=1

ldap_use_default_domain=0

ldap_certfile=

ldap_idmap_backend=ldap

ldap_timeout=10

ldap_dns_timeout=10

debug finished in 7 seconds for ldaptool get config_file
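
An added example, not part of the original posts and not FreeNAS code: a small Python triage script that reads the debug.log lines and ldaptool settings posted above (abridged, redactions kept) and reports how long the bind took, which LDAP step is the last one logged, how long the log stays quiet afterwards compared with ldap_timeout, and whether ldap_ssl=off is combined with an authenticated bind. The year 2017 for the timestamps and the reading of "authenticated bind" as a simple bind are assumptions of the example.

```python
import re
from datetime import datetime

# Abridged from the debug.log and ldaptool output posted above (redactions kept).
DEBUG_LOG = """\
Jul 13 16:31:07 freenas cachetool.py: [common.freenasldap:274] FreeNAS_LDAP_Directory.open: enter
Jul 13 16:31:07 freenas cachetool.py: [common.freenasldap:328] FreeNAS_LDAP_Directory.open: trying to bind
Jul 13 16:31:12 freenas cachetool.py: [common.freenasldap:330] FreeNAS_LDAP_Directory.open: binded
Jul 13 16:31:12 freenas cachetool.py: [common.freenasldap:366] FreeNAS_LDAP_Directory._search: enter
Jul 13 16:31:12 freenas cachetool.py: [common.freenasldap:408] FreeNAS_LDAP_Directory._search: getting page 0
Jul 13 16:34:00 freenas update_check.py: [freenasOS.Configuration:637] TryGetNetworkFile([...])
"""
CONFIG = "ldap_anonbind=0 ldap_port=389 ldap_ssl=off ldap_timeout=10"

# timestamp, host, process, [module:line], message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ (\S+?): \[([\w.]+):\d+\] (.*)$")

def parse(log, year=2017):  # syslog lines carry no year; 2017 is an assumption
    events = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events

def diagnose(log, config):
    cfg = dict(kv.split("=", 1) for kv in config.split())
    events = parse(log)
    ldap = [e for e in events if e[2] == "common.freenasldap"]
    # Map each step name (text after "Class.method: ") to its timestamp.
    when = {msg.partition(": ")[2]: ts for ts, _, _, msg in ldap}
    tried, bound = when.get("trying to bind"), when.get("binded")
    idx = events.index(ldap[-1])
    nxt = events[idx + 1] if idx + 1 < len(events) else None
    quiet = (nxt[0] - ldap[-1][0]).total_seconds() if nxt else None
    return {
        "bind_seconds": (bound - tried).total_seconds() if tried and bound else None,
        "last_ldap_step": ldap[-1][3].partition(": ")[2],
        "quiet_seconds": quiet,  # silence until the next line from any process
        "exceeds_timeout": quiet is not None and quiet > int(cfg["ldap_timeout"]),
        # Assumption: the authenticated bind is a simple bind, so with ldap_ssl=off
        # the bind DN's password crosses the network unencrypted on port 389.
        "cleartext_bind": cfg["ldap_ssl"] == "off" and cfg["ldap_anonbind"] == "0",
    }

if __name__ == "__main__":
    for key, value in diagnose(DEBUG_LOG, CONFIG).items():
        print(f"{key}: {value}")
```

The quiet interval is only what the posted excerpt shows; it marks where the log trail stops, not why.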
 

dlavigne

Guest
Do you get an error if you getent passwd? If so, anything in /var/log/auth.log?
 

pravat

Cadet
Joined
Jun 5, 2017
Messages
2
No error message from getent passwd; only default and local users are showing. There is also no error message in /var/log/auth.log.
 