FreeNAS 11: AD Auth works on server side, CIFS errors

Status
Not open for further replies.

woder (Cadet, joined Dec 30, 2017, 2 messages)
Hey everyone,

I'm not too sure what else to do about this problem as I've already tried so many different things along with spending hours on this forum searching for answers. Anyways, everything seems to work with AD as far as the server is concerned. I can run all the different wbinfo outputs (all my users with -u, a test connection with -t) and everything works nicely.

The problem comes when I try to connect to the SMB shares. No matter what I try, I always get "The system could not contact a domain controller to service the authentication request". I don't understand why I am getting this error if the server is connected to the AD successfully and I can query the controller from the command line on FreeNAS.

It's also worth noting that if I navigate to \\freenas\ I can't see any of my shares, even though they are all listed as browsable by network clients.

I would suspect the domain controller as a possible culprit, except that all the Windows computers in the domain can still auth correctly.

Any help is appreciated,

Thanks!

smb.conf:
Code:
[global]
	server min protocol = SMB2
	server max protocol = SMB3
	encrypt passwords = yes
	dns proxy = no
	strict locking = no
	oplocks = yes
	deadtime = 15
	max log size = 51200
	max open files = 468614
	logging = file
	load printers = no
	printing = bsd
	printcap name = /dev/null
	disable spoolss = yes
	getwd cache = yes
	guest account = nobody
	map to guest = Bad User
	obey pam restrictions = yes
	directory name cache size = 0
	kernel change notify = no
	panic action = /usr/local/libexec/samba/samba-backtrace
	nsupdate command = /usr/local/bin/samba-nsupdate -g
	server string = FreeNAS Server
	ea support = yes
	store dos attributes = yes
	lm announce = yes
	acl allow execute always = true
	dos filemode = yes
	multicast dns register = yes
	domain logons = no
	idmap config *: backend = tdb
	idmap config *: range = 90000001-100000000
	server role = member server
	workgroup = WINC
	realm = WINC.LAN
	security = ADS
	client use spnego = yes
	cache directory = /var/tmp/.cache/.samba
	local master = no
	domain master = no
	preferred master = no
	ads dns update = yes
	winbind cache time = 7200
	winbind offline logon = yes
	winbind enum users = yes
	winbind enum groups = yes
	winbind nested groups = yes
	winbind use default domain = no
	winbind refresh tickets = yes
	idmap config WINC: backend = rid
	idmap config WINC: range = 20000-90000000
	allow trusted domains = no
	client ldap sasl wrapping = plain
	template shell = /bin/sh
	template homedir = /home/%D/%U
	netbios name = FREENAS
	netbios aliases = FREENAS
	pid directory = /var/run/samba
	create mask = 0666
	directory mask = 0777
	client ntlmv2 auth = yes
	dos charset = CP437
	unix charset = UTF-8
	log level = 10

[store]
	path = /mnt/Storage
	printable = no
	veto files = /.snapshot/.windows/.mac/.zfs/
	writeable = yes
	browseable = yes
	vfs objects = zfs_space zfsacl aio_pthread
	hide dot files = yes
	guest ok = no
	nfs4:mode = special
	nfs4:acedup = merge
	nfs4:chown = true
	zfsacl:acesort = dontcare
 

woder

Hey, I ended up figuring out my problem.

It actually had nothing to do with FreeNAS and was due to a very specific and subtle error that was on the Domain Controller. So if anyone else is getting really weird behaviour from FreeNAS shares while everything else seems to work, take a really close look at the DC to see if there are any errors at all. In my case it was some replication error that required editing the registry to fix...
 