All hardware exceeds all minimum requirements.
FreeNAS 9.10 (newest, stable version)
Just trying to check my thinking on parameters and get a high level view of what is going on.
We have an AD server that is on VLAN A and a FreeNAS we are trying to connect to on VLAN B. There is a complex firewall in place to prohibit traffic between the two VLANs but we have put an exemption in the service to allow the FreeNAS's specific MAC address to go through. To our eyes, it is completely open. The share can be accessed on VLAN B and by admins with similar MAC address exemptions who are on a different VLAN. We can ping the AD server from the Callisto and the "dig" command gives us the PTR record we are looking for. The AD server has had the object and DNS A record created. To put it plainly, we have spent over 24 hours over about 2 weeks in dealing with this particular issue. We have done fresh installs, factory restores, and saved boot configs along the way to make sure we could go back so no stale information is being saved.
The issue for this particular installation, as we have successfully bound AD to FreeNAS on many different occasions, is that we continually get "Cant contact LDAP server" and "Invalid credentials, 80090308: LdapErr: DSID-0C0903C8, comment: AcceptSecurityContext error, data 52e, v2580" as alternating errors.
We also tried a TCP packet dump to see exactly what was going on with the handshake. The FreeNAS is able to contact the AD server successfully but then immediately unbinds. We have not been able to research this as we have not seen this problem elsewhere in forums or AD server forums in general.
We have checked and researched both and have added fresh DNS records and objects to the AD with simple passwords and usernames to verify we are using correct credentials. Again, we have done this many times. The only key difference we see is the separation of the FreeNAS and the AD server. There is a strict security requirement that does not allow us to put the FreeNAS and the AD server on the same VLAN or else we would try that.
One thing we were thinking about was changing the security setting to allow for the specific IP address, as it is static, rather than the MAC address...
All in all, any informed responses or constructive advice on this situation would be appreciated. It is a difficult situation because of the multiple layers we are dealing with. For that, I understand if feedback is limited. More or less I would just like to know if AD or if FreeNAS or both support binding while on separate VLANs...
Thank you.
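The two alternating errors quoted above come from different layers, and the sketch below (an added example, not part of the original post) separates them: it decodes the hex `data` field of the AcceptSecurityContext message into its Win32 logon error and counts transport failures against answers from the directory. The function names and the `SAMPLE` list are constructed for illustration; the two sample strings are the ones quoted in the post.

```python
import re
from collections import Counter

# Win32 logon error codes that AD reports (in hex) in the "data" field
# of a rejected LDAP bind.
AD_BIND_CODES = {
    0x525: "ERROR_NO_SUCH_USER",
    0x52E: "ERROR_LOGON_FAILURE",
    0x530: "ERROR_INVALID_LOGON_HOURS",
    0x531: "ERROR_INVALID_WORKSTATION",
    0x532: "ERROR_PASSWORD_EXPIRED",
    0x533: "ERROR_ACCOUNT_DISABLED",
    0x701: "ERROR_ACCOUNT_EXPIRED",
    0x773: "ERROR_PASSWORD_MUST_CHANGE",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT",
}

AD_ERR = re.compile(
    r"LdapErr:\s*(DSID-[0-9A-Fa-f]+).*?"
    r"AcceptSecurityContext error,\s*data\s+([0-9A-Fa-f]+)"
)
TRANSPORT = re.compile(r"can'?t contact ldap server", re.IGNORECASE)

def classify(line):
    """Return the layer a bind error came from, plus decoded detail."""
    m = AD_ERR.search(line)
    if m:
        code = int(m.group(2), 16)  # "52e" -> 1326
        return {
            "layer": "directory",   # the DC received the bind and answered it
            "dsid": m.group(1),
            "win32": code,
            "name": AD_BIND_CODES.get(code, "UNKNOWN"),
        }
    if TRANSPORT.search(line):
        return {"layer": "transport"}  # no LDAP answer was received at all
    return {"layer": "other"}

def summarize(lines):
    """Count how many errors came from each layer."""
    return Counter(classify(line)["layer"] for line in lines)

# Constructed sample: the two error strings quoted in the post.
SAMPLE = [
    "Cant contact LDAP server",
    "Invalid credentials, 80090308: LdapErr: DSID-0C0903C8, comment: "
    "AcceptSecurityContext error, data 52e, v2580",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line))
    print(dict(summarize(SAMPLE)))
```

A `directory` result means that bind request reached the domain controller and was answered, so that attempt was not dropped by the firewall; a `transport` result means no LDAP response came back for that attempt.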