cifs: "Connection to LDAP server failed for the 15 try!"

Status
Not open for further replies.

agshekeloh

Cadet
Joined
Jul 1, 2011
Messages
2
Hi,

Running: FreeNAS-8.3.0-RC1-x64 (r12617)

My network has a local LDAP server for our groups, usernames, and passwords. I want to authenticate against this LDAP when a user accesses the FreeNAS CIFS shares. Authentication fails. Any assistance would be vastly appreciated!

freenas-debug -c shows usernames and groups from LDAP, so I believe that the LDAP connection is working OK.

I then restart the CIFS service. All seems well. My Windows workstation can open \\servername\ and see the shares. But when I try to open a share I get:


[2012/10/24 11:24:57.473050, 0] passdb/secrets.c:350(fetch_ldap_pw)
fetch_ldap_pw: neither ldap secret retrieved!
[2012/10/24 11:24:57.473088, 0] lib/smbldap.c:1180(smbldap_connect_system)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2012/10/24 11:24:57.473224, 1] lib/smbldap.c:1409(another_ldap_try)
Connection to LDAP server failed for the 1 try!
[2012/10/24 11:24:58.506967, 0] passdb/secrets.c:350(fetch_ldap_pw)
fetch_ldap_pw: neither ldap secret retrieved!
[2012/10/24 11:24:58.506991, 0] lib/smbldap.c:1180(smbldap_connect_system)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2012/10/24 11:24:58.507092, 1] lib/smbldap.c:1409(another_ldap_try)
Connection to LDAP server failed for the 2 try!
...

This repeats until the 15th try, when the log shows:

[2012/10/24 11:25:25.612284, 1] smbd/process.c:457(receive_smb_talloc)
receive_smb_raw_talloc failed for client x.x.x.x read error = NT_STATUS_CONNECTION_RESET.


The generated smb.conf from /etc/local is:

[global]
encrypt passwords = yes
dns proxy = no
strict locking = no
read raw = yes
write raw = yes
oplocks = yes
max xmit = 65535
deadtime = 15
display charset = LOCALE
max log size = 10
syslog only = yes
syslog = 1
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
smb passwd file = /var/etc/private/smbpasswd
private dir = /var/etc/private
getwd cache = yes
guest account = nobody
map to guest = Bad Password
obey pam restrictions = Yes
# NOTE: read smb.conf.
directory name cache size = 0
netbios name = freenas
workgroup = anonymized
server string = moonbase3
use sendfile = yes
large readwrite = no
store dos attributes = yes
hostname lookups = yes
local master = yes
time server = yes
security = user
passdb backend = ldapsam:ldap://ldap.example.com
ldap suffix = dc=example,dc=com
ldap user suffix = ou=people
ldap group suffix = ou=groups
ldap ssl = start tls
ldap replication sleep = 1000
ldap passwd sync = yes
#ldap debug level = 1
#ldap debug threshold = 1
ldapsam:trusted = yes
idmap uid = 10000-39999
idmap gid = 10000-39999
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 1

[homes]
comment = Home Directories
valid users = %U
writable = yes
browseable = yes
path = /mnt/storage1/sambahomes/%U


[cdr]
path = /mnt/storage1/CDR
printable = no
veto files = /.snap/.windows/.zfs/
comment = cdrs from switches
writeable = yes
browseable = yes
inherit owner = no
inherit permissions = no
vfs objects = zfsacl
hosts allow = x.y.z.*, a.b.c.*
guest ok = no
inherit acls = Yes
map archive = No
map readonly = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes


[iobase4]
path = /mnt/storage2/iobase4
printable = no
veto files = /.snap/.windows/.zfs/
writeable = no
browseable = yes
inherit owner = no
inherit permissions = no
vfs objects = zfsacl
hosts allow = x.y.z.0/24, a.b.c.0/24
hosts deny = ALL
guest ok = no
inherit acls = Yes
map archive = No
map readonly = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = yes
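
Added example, not part of the original post and not Samba or FreeNAS code: it pairs each Samba log header with the message line that follows it, then checks the `[global]` section for `ldap admin dn`, the DN `ldapsam` binds with and whose password Samba looks up in secrets.tdb. The function names `parse_log`, `global_params` and `triage` and both sample strings are constructed for illustration.

```python
import re
from collections import Counter
# Constructed samples, shaped like the log lines and smb.conf quoted in the post.
SAMPLE_LOG = """\
[2012/10/24 11:24:57.473050, 0] passdb/secrets.c:350(fetch_ldap_pw)
fetch_ldap_pw: neither ldap secret retrieved!
[2012/10/24 11:24:57.473088, 0] lib/smbldap.c:1180(smbldap_connect_system)
ldap_connect_system: Failed to retrieve password from secrets.tdb
[2012/10/24 11:24:57.473224, 1] lib/smbldap.c:1409(another_ldap_try)
Connection to LDAP server failed for the 1 try!
"""
SAMPLE_CONF = """\
[global]
passdb backend = ldapsam:ldap://ldap.example.com
[homes]
valid users = %U
"""
# Header shape: [timestamp, level] source.c:line(function)
HEADER = re.compile(r"^\[([^,\]]+),\s*(\d+)\]\s+(\S+?):(\d+)\((\w+)\)$")

def parse_log(text):
    """Pair each Samba header line with the message line that follows it."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append({"ts": m[1], "level": int(m[2]), "func": m[5], "msg": ""})
        elif entries and line:
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + line).strip()
    return entries

def global_params(conf):  # [global] section as a dict, keys lower-cased
    params, section = {}, None
    for line in map(str.strip, conf.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "global" and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def triage(log, conf):
    """Count log entries per Samba function and list config/secret findings."""
    funcs = Counter(e["func"] for e in parse_log(log))
    params, findings = global_params(conf), []
    if funcs["fetch_ldap_pw"] and params.get("passdb backend", "").startswith("ldapsam"):
        findings.append("secrets.tdb holds no LDAP bind password")
        if "ldap admin dn" not in params:
            findings.append("[global] has no 'ldap admin dn'")
    return funcs, findings
```

The bind password that `fetch_ldap_pw` looks for is the one stored with `smbpasswd -w` for the DN named in `ldap admin dn`.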