vainkop
Cadet
- Joined
- Jun 6, 2017
- Messages
- 3
I have a fresh installation + AD DC is on CentOS 6 + samba4 & authenticates Windows 7-10 machines ok. The ad scheme is very simple, all users are in one default ou=Users. I'm trying to configure Freenas through the web interface.
I've created an smb share & it is accessible on the network, but I have to set 'allow guests' in FreeNAS to access it as AD authentication doesn't work yet.
Also, on the Services -> SMB I've changed 'WORKGROUP' to 'XYZ' (domain name in CAPS without '.com').
Freenas network config :
On AD DC I've created a user: 'freenas01' & added him to 'Domain Admins' group.
Created machine 'fs' & gave 'full control' security permissions to 'freenas01' user on it.
Trying to setup an Active Directory authentication for an smb share.
In Directory->Directory Service->Active Directory
When I click save I get: '{'desc': "Can't contact LDAP server"}' error.
Trying to figure out how to correctly fill in the following fields in Advanced:
Kerberos realms tab:
When I click save it doesn't say anything about ports, but I'm not sure about Admin Server not having port or others having them :(
I also tried configuring LDAP on a LDAP tab, but I get 'Notice: samba extensions not detected. CIFS authentication to LDAP disabled' error.
I have no encryption enabled, no LDAPS & etc.
Please help.
Docs used:
https://doc.freenas.org/11/directoryservice.html
https://www.mai-hawaii.com/FreeNAS-AD/FreeNAS_9.3.x_setup#Setting_up_Active_Directory_.26_CIFS
https://wiki.samba.org/index.php/Id...07_and_template_winbind_NSS_info_Mode_Options
Code:
FreeNAS-11-MASTER-201706020409 (373d389)
I've created an smb share & it is accessible on the network, but I have to set 'allow guests' in FreeNAS to access it as AD authentication doesn't work yet.
Also, on the Services -> SMB I've changed 'WORKGROUP' to 'XYZ' (domain name in CAPS without '.com').
Code:
Auxiliary parameters: workgroup = XYZ realm=xyz.com
Freenas network config :
Code:
Hostname: fs Domain: xyz.com IPv4 Default Gateway: 192.168.199.8 //router IPv6 Default Gateway: //empty Nameserver 1: 192.168.199.6 //dc Nameserver 2: 192.168.199.8 //router Nameserver 3: 8.8.8.8
On AD DC I've created a user: 'freenas01' & added him to 'Domain Admins' group.
Created machine 'fs' & gave 'full control' security permissions to 'freenas01' user on it.
Trying to setup an Active Directory authentication for an smb share.
In Directory->Directory Service->Active Directory
Code:
Domain Name (DNS/Realm-Name): xyz.com Domain Account Name: freenas01 Domain Account Password: xyz12345 Enable: checked
When I click save I get: '{'desc': "Can't contact LDAP server"}' error.
Trying to figure out how to correctly fill in the following fields in Advanced:
Code:
User Base: cn=Users,dc=xyz,dc=com Group Base: //empty Site Name: Default-First-Site-Name Domain Controller: 192.168.199.6 Global Catalog Server: 192.168.199.6:389 //without 389 port I get additional error: 'Invalid Host/Port: [Errno 61] Connection refused' Kerberos Realm: //tried empty & tried creating one on a kerberos realms tab(see below) & then setting it here, no luck. AD timeout: 60 DNS timeout: 60 Kerberos Principal: //empty Idmap backend: rid Winbind NSS Info: rfc2307 SASL wrapping: plain Enable: checked NetBIOS name: fs NetBIOS alias: //empty
Kerberos realms tab:
Code:
Realm: xyz.com KDC: 192.168.199.6:88 Admin Server: 192.168.199.6 Password Server: 192.168.199.6:464
When I click save it doesn't say anything about ports, but I'm not sure about Admin Server not having port or others having them :(
I also tried configuring LDAP on a LDAP tab, but I get 'Notice: samba extensions not detected. CIFS authentication to LDAP disabled' error.
Code:
Hostname: 192.168.199.6 Base DN: dc=xyz,dc=com Bind DN: cn=freenas01,cn=users,dc=xyz,dc=com Bind password: xyz12345 Enable: checked
I have no encryption enabled, no LDAPS & etc.
Please help.
Docs used:
https://doc.freenas.org/11/directoryservice.html
https://www.mai-hawaii.com/FreeNAS-AD/FreeNAS_9.3.x_setup#Setting_up_Active_Directory_.26_CIFS
https://wiki.samba.org/index.php/Id...07_and_template_winbind_NSS_info_Mode_Options
Last edited by a moderator: