Ashley Drees
I am trying to get our FreeNAS FreeNAS-11.1-U5 (8e2a858a1) - to authenticate and use OD on our OSX OD master.
I had to rebuild the FreeNAS as both USB keys failed and I had no sensible backup; OD/AFP on FreeNAS was working before the keys died. No data lost, new keys in and installed, system getting rebuilt. However, I have been unable to completely set up the AFP <> OD to work again.
"id username" works fine = I can see all the user groups etc.
ldapsearch -x -v -H "ldaps://ldap.domain.tld" "uid=username" works fine = I can see the full LDAP record of the specific user
BUT I can only create shares with guest users at the moment, as if I specify a group or user they are unable to log in. I am presuming this is because it is not able to actually authenticate the user. When I try to su to another OD user on the command line, it fails after trying to give the password twice.
The OD master has a positive SSL cert, and I have imported that to the FN; SSL and the cert are listed.
The OD master is the same name as the cert; I am using the FQDN in the directory setup (I have used the IP also - no change).
IF I include the Kerberos settings in the directory, it normally times out and does not complete; if I leave them out it normally finishes but I am still unable to authenticate.
When it does not crash it seems to get a ticket for ldap and kerb. I created keytabs for afp and ldap, but I could not create one for cifs; I am not trying to use cifs. IF I use the dropdown for one of the keytabs for ldap(afp) it does not work, though if I don't add a keytab it sometimes does. This is driving me round the twist as I cannot seem to get a grip on what is going wrong.
I can manually kinit for the diradmin@HOST.DOMAIN.TLD and I get a ticket...
IF I include the keytab for ldap it runs through and gets a ticket but I see an error:
Code:
Aug 14 16:11:30 hostname uwsgi: [middleware.exceptions:36] [MiddlewareError: LDAP failed to reload.]
I previously used this post to set it up https://forums.freenas.org/index.ph...pen-directory-in-mac-os-x-environments.46493/
Here is one of the crashes...
Code:
Software Version: FreeNAS-11.1-U5 (8e2a858a1)
Request Method: POST
Request URL: http://investigate.c-r.org/admin/directoryservice/ldap/edit/1/?inline=true

Traceback:
File "/usr/local/lib/python3.6/site-packages/django/core/handlers/exception.py" in inner
  42. response = get_response(request)
File "/usr/local/lib/python3.6/site-packages/django/core/handlers/base.py" in _legacy_get_response
  249. response = self._get_response(request)
File "/usr/local/lib/python3.6/site-packages/django/core/handlers/base.py" in _get_response
  178. response = middleware_method(request, callback, callback_args, callback_kwargs)
File "./freenasUI/freeadmin/middleware.py" in process_view
  162. return login_required(view_func)(request, *view_args, **view_kwargs)
File "/usr/local/lib/python3.6/site-packages/django/contrib/auth/decorators.py" in _wrapped_view
  23. return view_func(request, *args, **kwargs)
File "./freenasUI/freeadmin/options.py" in wrapper
  210. return self._admin.admin_view(view)(*args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/django/utils/decorators.py" in _wrapped_view
  149. response = view_func(request, *args, **kwargs)
File "/usr/local/lib/python3.6/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
  57. response = view_func(request, *args, **kwargs)
File "./freenasUI/freeadmin/site.py" in inner
  142. return view(request, *args, **kwargs)
File "./freenasUI/freeadmin/options.py" in edit
  571. mf.save()
File "./freenasUI/directoryservice/forms.py" in save
  960. started = notifier().restart("ldap", timeout=_fs().directoryservice.ldap.timeout.restart)
File "./freenasUI/middleware/notifier.py" in restart
  223. return c.call('service.restart', what, {'onetime': onetime}, **kwargs)
File "./freenasUI/middleware/notifier.py" in restart
  223. return c.call('service.restart', what, {'onetime': onetime}, **kwargs)
File "/usr/local/lib/python3.6/site-packages/middlewared/client/client.py" in call
  429. raise CallTimeout("Call timeout")

Exception Type: CallTimeout at /admin/directoryservice/ldap/edit/1/
Exception Value: Call timeout