By turning off SSL, do you mean turning it off on the server side (Samba DC), or on the FreeNAS side?
I tried the setting on the FreeNAS system.
Current settings:
Code:
"id": 1,
"domainname": "DOMAIN",
"bindname": "administrator",
"bindpw": "PASSWORD",
"ssl": "OFF",
"certificate": null,
"validate_certificates": false,
"verbose_logging": true,
"allow_trusted_doms": false,
"use_default_domain": false,
"allow_dns_updates": true,
"disable_freenas_cache": false,
"site": "",
"kerberos_realm": 1,
"kerberos_principal": "",
"createcomputer": "",
"timeout": 60,
"dns_timeout": 10,
"idmap_backend": "RID",
"nss_info": null,
"ldap_sasl_wrapping": "SEAL",
"enable": true,
"netbiosname": "nas",
"netbiosalias": []
}
Unfortunately, the result is:
Code:
{
"id": 1493,
"method": "activedirectory.start",
"arguments": [],
"logs_path": null,
"logs_excerpt": null,
"progress": {
"percent": 20,
"description": "Detecting Active Directory Site.",
"extra": null
},
"result": null,
"error": "[EFAULT] {'desc': \"Can't contact LDAP server\", 'errno': 54, 'info': 'Connection reset by peer'}",
"exception": "Traceback (most recent call last):\n File \"/usr/local/lib/python3.7/site-packages/middlewared/job.py\", line 349, in run\n await self.future\n File \"/usr/local/lib/python3.7/site-packages/middlewared/job.py\", line 386, in __run_body\n rv = await self.method(*([self] + args))\n File \"/usr/local/lib/python3.7/site-packages/middlewared/plugins/activedirectory.py\", line 947, in start\n new_site = await self.middleware.call('activedirectory.get_site')\n File \"/usr/local/lib/python3.7/site-packages/middlewared/main.py\", line 1141, in call\n app=app, pipes=pipes, job_on_progress_cb=job_on_progress_cb, io_thread=True,\n File \"/usr/local/lib/python3.7/site-packages/middlewared/main.py\", line 1098, in _call\n return await run_method(methodobj, *args)\n File \"/usr/local/lib/python3.7/site-packages/middlewared/utils/run_in_thread.py\", line 10, in run_in_thread\n return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))\n File \"/usr/local/lib/python3.7/site-packages/middlewared/utils/io_thread_pool_executor.py\", line 25, in run\n result = self.fn(*self.args, **self.kwargs)\n File \"/usr/local/lib/python3.7/site-packages/middlewared/plugins/activedirectory.py\", line 1487, in get_site\n site = AD_LDAP.locate_site()\n File \"/usr/local/lib/python3.7/site-packages/middlewared/plugins/activedirectory.py\", line 493, in locate_site\n self._open()\n File \"/usr/local/lib/python3.7/site-packages/middlewared/plugins/activedirectory.py\", line 317, in _open\n raise CallError(saved_bind_error)\nmiddlewared.service_exception.CallError: [EFAULT] {'desc': \"Can't contact LDAP server\", 'errno': 54, 'info': 'Connection reset by peer'}\n",
"exc_info": {
"type": "CallError",
"extra": null
},
"state": "FAILED",
"time_started": {
"$date": 1594157207974
},
"time_finished": {
"$date": 1594157207694
}
}
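In middleware.log (note that the bind is still attempted as ldap:// against port 636, the LDAPS port, even though "ssl" is set to "OFF" and the server lookup returned port 389):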
Code:
[2020/07/07 23:26:46] (DEBUG) ActiveDirectoryService.get_n_working_servers():154 - Request for [1] of server type [PDC] returned: [{'host': 'dc02.DOMAIN', 'port': 389}]
[2020/07/07 23:26:47] (DEBUG) ActiveDirectoryService.start():917 - Starting Active Directory service for [DOMAIN]
[2020/07/07 23:26:47] (DEBUG) EtcService.generate():275 - No new changes for /etc/hosts
[2020/07/07 23:26:47] (DEBUG) ActiveDirectoryService._open():204 - Successfully initialized LDAP server: [ldap://dc01.DOMAIN:636]
[2020/07/07 23:26:47] (DEBUG) ActiveDirectoryService._open():312 - SASL GSSAPI bind failed.
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/activedirectory.py", line 305, in _open
self._handle.sasl_gssapi_bind_s()
File "/usr/local/lib/python3.7/site-packages/ldap/ldapobject.py", line 487, in sasl_gssapi_bind_s
self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags,authz_id)
File "/usr/local/lib/python3.7/site-packages/ldap/ldapobject.py", line 475, in sasl_non_interactive_bind_s
self.sasl_interactive_bind_s('',auth,serverctrls,clientctrls,sasl_flags)
File "/usr/local/lib/python3.7/site-packages/ldap/ldapobject.py", line 465, in sasl_interactive_bind_s
return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
File "/usr/local/lib/python3.7/site-packages/ldap/ldapobject.py", line 329, in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
File "/usr/local/lib/python3.7/site-packages/ldap/compat.py", line 44, in reraise
raise exc_value
File "/usr/local/lib/python3.7/site-packages/ldap/ldapobject.py", line 313, in _ldap_call
result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server", 'errno': 54, 'info': 'Connection reset by peer'}
[2020/07/07 23:26:47] (DEBUG) ActiveDirectoryService._open():204 - Successfully initialized LDAP server: [ldap://dc02.DOMAIN:636]
[2020/07/07 23:26:47] (DEBUG) ActiveDirectoryService._open():312 - SASL GSSAPI bind failed.
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/middlewared/plugins/activedirectory.py", line 305, in _open
self._handle.sasl_gssapi_bind_s()
File "/usr/local/lib/python3.7/site-packages/ldap/ldapobject.py", line 487, in sasl_gssapi_bind_s
self.sasl_non_interactive_bind_s('GSSAPI',serverctrls,clientctrls,sasl_flags,authz_id)
File "/usr/local/lib/python3.7/site-packages/ldap/ldapobject.py", line 475, in sasl_non_interactive_bind_s
self.sasl_interactive_bind_s('',auth,serverctrls,clientctrls,sasl_flags)
File "/usr/local/lib/python3.7/site-packages/ldap/ldapobject.py", line 465, in sasl_interactive_bind_s
return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,RequestControlTuples(serverctrls),RequestControlTuples(clientctrls),sasl_flags)
File "/usr/local/lib/python3.7/site-packages/ldap/ldapobject.py", line 329, in _ldap_call
reraise(exc_type, exc_value, exc_traceback)
File "/usr/local/lib/python3.7/site-packages/ldap/compat.py", line 44, in reraise
raise exc_value
File "/usr/local/lib/python3.7/site-packages/ldap/ldapobject.py", line 313, in _ldap_call
result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server", 'errno': 54, 'info': 'Connection reset by peer'}