Hi All! This is my first post, and I'm brand-new to FreeNAS, so please do not hesitate to correct me wherever I'm wrong. I'm guessing I'm missing something obvious.
So, I have a running FreeNAS-11.0-U4 server running just fine on its own. The goal of this server is to be a target for Veeam and Shadow Copy backups. I wish to restrict access to the NAS to only a select few servers (I understand that part,) but also to only a few select AD users which would only be a Service Account for Veeam and perhaps a Server Admins user accounts. I have a functioning SMB share configured, but it requires "local to the NAS" authentication. I would rather authenticate against my Active Directory.
I understand that this server could technically be joined to my Active Directory Domain, but I'd rather avoid that if possible. Rather, I'd rather it just authenticate against my AD to restrict/allow access. I'm able to do this with the likes of WordPress or other web-type apps/devices, but I'm having trouble making it work for FreeNAS.
I have entered the Active Directory information required as best I know how (I thought it would just work,) but it doesn't cache the Users/Groups as I expected. Further, when I go to the FreeNAS shell and run "wbinfo -t" I get:
-----------------------
root@ilch-freenas:~ # wbinfo -t
checking the trust secret for domain WORKGROUP via RPC calls failed
wbcCheckTrustCredentials(WORKGROUP): error code was NT_STATUS_NO_SUCH_DOMAIN (0xc00000df)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret
-----------------------
Why is it checking the NETBIOS Workgroup? As best I can tell, that setting is configured by going to Services -> SMB and changing the Workgroup option (I have tried changing the Workgroup option to the name of my Domain, to no avail.)
Based on what the error is telling me, I'm not surprised that it's failing, but does this mean that I must join the server to the AD Domain? Surely not, or at least I hope.
Worst case, I can make using Authentication internally to the FreeNAS work, but it would be nicer if I could make the server authenticate against my AD without actually joining the server...don't ask why :)
I spent the better part of this afternoon Google'ing and doing trial and error to solve this, and can't wait until someone points me to the simple solution that I obviously missed :)
Thanks in advance for any advice!
So, I have a running FreeNAS-11.0-U4 server running just fine on its own. The goal of this server is to be a target for Veeam and Shadow Copy backups. I wish to restrict access to the NAS to only a select few servers (I understand that part,) but also to only a few select AD users which would only be a Service Account for Veeam and perhaps a Server Admins user accounts. I have a functioning SMB share configured, but it requires "local to the NAS" authentication. I would rather authenticate against my Active Directory.
I understand that this server could technically be joined to my Active Directory Domain, but I'd rather avoid that if possible. Rather, I'd rather it just authenticate against my AD to restrict/allow access. I'm able to do this with the likes of WordPress or other web-type apps/devices, but I'm having trouble making it work for FreeNAS.
I have entered the Active Directory information required as best I know how (I thought it would just work,) but it doesn't cache the Users/Groups as I expected. Further, when I go to the FreeNAS shell and run "wbinfo -t" I get:
-----------------------
root@ilch-freenas:~ # wbinfo -t
checking the trust secret for domain WORKGROUP via RPC calls failed
wbcCheckTrustCredentials(WORKGROUP): error code was NT_STATUS_NO_SUCH_DOMAIN (0xc00000df)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret
-----------------------
Why is it checking the NETBIOS Workgroup? As best I can tell, that setting is configured by going to Services -> SMB and changing the Workgroup option (I have tried changing the Workgroup option to the name of my Domain, to no avail.)
Based on what the error is telling me, I'm not surprised that it's failing, but does this mean that I must join the server to the AD Domain? Surely not, or at least I hope.
Worst case, I can make using Authentication internally to the FreeNAS work, but it would be nicer if I could make the server authenticate against my AD without actually joining the server...don't ask why :)
I spent the better part of this afternoon Google'ing and doing trial and error to solve this, and can't wait until someone points me to the simple solution that I obviously missed :)
Thanks in advance for any advice!
