Good day all:
I’ve been fighting with trying to join my FreeNAS (11.0U4) server to a Samba AD Server running on Ubuntu 16.04. There are a few posts about this, and I’ve taken most of my hints from these posts, but bottom line: The AD will allow Windows/Mac machines to join no problem, but FreeNAS will not connect.
Fresh install of both FreeNAS and Ubuntu 16.04 in a VM. Configured AD on Ubuntu.
By default, just trying to join FreeNAS without mods, the AD join fails with:
Code:
{'info': 'BindSimple: Transport encryption required.', 'desc': 'Strong(er) authentication required'}.
So what I did was generate a CA on the FreeNAS box, and generate a cert signed with that CA. Exported the CA cert, signed cert and key and copied over to my AD server. In its smb.conf, I’ve added:
Code:
tls enabled = yes
# This is certificate signed by CA, exported from FreeNAS.
tls certfile = /path/to/the/cert/cert.crt
# This is the key for above cert, exported from FreeNAS.
tls keyfile = /path/to/the/cert/cert.key
# This is CA certificate, generated on the CA tab in FreeNAS.
tls cafile = /path/to/the/ca/ca.crt
In FreeNAS, I changed the following in Advanced on the Directory connection window:
Code:
Encryption mode: TLS
Certificate: My cert I generated in FreeNAS
SASL Wrapping: sign
Restart the service, and try to join FreeNAS. Now I get:
Code:
Connect error, error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (self signed certificate)
I’m not sure what I’m doing wrong… or if I’m doing anything right! Especially with regards to the certificates.
Somehow I think I should have something generated on the AD side and imported on FreeNAS, and not the other way around??
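
Added example, not part of the original post: a shell check that builds constructed throwaway certificates and shows which layout verifies against a CA file and which one yields OpenSSL verify error 18, the code behind the "self signed certificate" text in the error quoted above. The names dc1.example.test and "Example Test CA" are hypothetical, and the `openssl` command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added example; all certificates are constructed throwaways,
# dc1.example.test and "Example Test CA" are hypothetical names.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Throwaway CA plus a server certificate signed by that CA.
make_ca_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=dc1.example.test" \
        -keyout "$WORK/dc.key" -out "$WORK/dc.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/dc.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 1 -out "$WORK/dc.crt" 2>/dev/null
}

# Server certificate that signs itself (issuer equals subject, no CA involved).
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=dc1.example.test" \
        -keyout "$WORK/self.key" -out "$WORK/self.crt" 2>/dev/null
}

# Print "ok" if certificate $2 chains to CA file $1, else the OpenSSL error number.
verify_result() {
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
    case "$out" in
        *": OK"*) echo ok ;;
        *) echo "$out" | sed -n 's/.*\(error [0-9][0-9]*\) at.*/\1/p' | head -n 1 ;;
    esac
}

# Print "yes" if issuer and subject of certificate $1 are identical.
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$s" = "$i" ]; then echo yes; else echo no; fi
}

make_ca_signed
make_self_signed
echo "CA-signed cert vs CA file:          $(verify_result "$WORK/ca.crt" "$WORK/dc.crt")"
echo "self-signed cert vs CA file:        $(verify_result "$WORK/ca.crt" "$WORK/self.crt")"
echo "self-signed cert is its own issuer: $(is_self_signed "$WORK/self.crt")"
```

Error 18 is raised at depth 0, meaning the certificate being checked is itself self-signed and is not in the verifier's trust list.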