Hi all,
For the last couple of days I have been trying to set up my new FreeNAS box using the 32 bit FreeNAS 8.2.0 release.
Unfortunately I ran into some issues when trying to set up Active Directory authentication.
Here is how the network configuration looks:
[FreeNAS system]
IP: 172.19.2.6
Hostname: ConstaNAS01
Operating System: FreeNAS-8.2.0-RELEASE-p1-x86 (r11950)
[Domain Controller]
IP: 172.19.2.1
Hostname: ConstaDC01
Domain: Constabla.nl
Operating System: Windows Server 2008R2 X64
IP connectivity, DNS, and NTP all work.
I configured the Active Directory Service and turned it on:
See freenas1.JPG
After that I configured CIFS:
See freenas2.JPG freenas3.JPG & freenas4.JPG
After that I created a Share called Data:
See freenas5.JPG
I can see my Active Directory users and give them permissions.
I made user 'CONSTABLA\Constabla' the owner of the ZFS Data Set.
I've verified AD connectivity by logging on as root using SSH.
Everything seems to be ok:
Code:
[root@ConstaNAS01] ~# wbinfo -u
CONSTANAS01\root
CONSTABLA\constalocaladmin
CONSTABLA\guest
CONSTABLA\krbtgt
CONSTABLA\constaadmin
CONSTABLA\constabla
CONSTABLA\gina
CONSTABLA\sm_4155477fd6de44c3b
CONSTABLA\sm_e1efe100b43147149
CONSTABLA\sm_da1b437080f745df9
CONSTABLA\sm_bcc5aef6898d466e9
[root@ConstaNAS01] ~# wbinfo -g
CONSTABLA\domain computers
CONSTABLA\domain controllers
CONSTABLA\schema admins
CONSTABLA\enterprise admins
CONSTABLA\cert publishers
CONSTABLA\domain admins
CONSTABLA\domain users
CONSTABLA\domain guests
CONSTABLA\group policy creator owners
CONSTABLA\ras and ias servers
CONSTABLA\allowed rodc password replication group
CONSTABLA\denied rodc password replication group
CONSTABLA\read-only domain controllers
CONSTABLA\enterprise read-only domain controllers
CONSTABLA\dnsadmins
CONSTABLA\dnsupdateproxy
CONSTABLA\unixadmins
CONSTABLA\unixallowedlogons
CONSTABLA\organization management
CONSTABLA\public folder management
CONSTABLA\recipient management
CONSTABLA\view-only organization management
CONSTABLA\um management
CONSTABLA\help desk
CONSTABLA\records management
CONSTABLA\discovery management
CONSTABLA\server management
CONSTABLA\delegated setup
CONSTABLA\hygiene management
CONSTABLA\exchange servers
CONSTABLA\exchange trusted subsystem
CONSTABLA\exchange windows permissions
CONSTABLA\exchange all hosted organizations
CONSTABLA\exchangelegacyinterop
CONSTABLA\$g31000-ph08tnaapsjg
CONSTABLA\nas-movies-readaccess
CONSTABLA\nas-data-readaccess
CONSTABLA\nas-music-readaccess
CONSTABLA\nas-software-readaccess
CONSTABLA\nas-tv-shows-readaccess
[root@ConstaNAS01] ~# wbinfo -t
checking the trust secret for domain CONSTABLA via RPC calls succeeded
[root@ConstaNAS01] ~# ls -la /mnt/ConstaStorage/
total 620
drwxr-x---+ 10 root wheel 11 Jul 29 20:15 ./
drwxr-xr-x 4 root wheel 512 Jul 30 19:37 ../
drwxr-xr-x+ 2 www www 2 Jun 22 22:28 .freenas/
-rw-r--r-- 1 root wheel 0 Jun 14 19:23 .windows
drwxr-x---+ 6 CONSTABLA\constabla CONSTABLA\nas-data-readaccess 9 Jul 4 21:44 Data/
So everything seems to be ok, right?
However when I try to open \\ConstaNAS01\Data from my laptop (logged on as user Constabla on the CONSTABLA domain) I get an access denied error.
I can see in the /var/log/samba/log.smbd that the logon request is bounced:
Code:
[2012/07/30 21:11:53.481915, 1] smbd/service.c:1081(make_connection_snum)
  172.19.4.17 (172.19.4.17) connect to service Data initially as user CONSTABLA\constabla (uid=21105, gid=20513) (pid 18076)
[2012/07/30 21:11:53.487131, 1] smbd/sesssetup.c:342(reply_spnego_kerberos)
  Failed to verify incoming ticket with error NT_STATUS_LOGON_FAILURE!
The only error I can see in the logfiles is in /var/log/samba/log.winbindd-idmap:
Code:
[2012/07/30 19:38:14.742326, 0] winbindd/idmap_tdb.c:149(idmap_tdb_upgrade)
  Upgrading winbindd_idmap.tdb from an old version
[2012/07/30 19:38:14.746079, 1] winbindd/idmap.c:201(idmap_init_domain)
  idmap range not specified for domain CONSTANAS01
[2012/07/30 19:38:17.194854, 1] winbindd/idmap.c:288(idmap_init_named_domain)
  no backend defined for idmap config CONSTANAS01
[2012/07/30 19:38:17.196601, 1] winbindd/idmap.c:288(idmap_init_named_domain)
  no backend defined for idmap config NT AUTHORITY
[2012/07/30 19:38:17.210220, 3] winbindd/idmap.c:230(idmap_init_domain)
  idmap backend rid not found
[2012/07/30 19:38:17.212583, 2] lib/module.c:64(do_smb_load_module)
  Module '/usr/local/lib/samba/idmap/rid.so' loaded
[2012/07/30 19:38:17.216873, 1] winbindd/idmap.c:288(idmap_init_named_domain)
  no backend defined for idmap config CONSTANAS01
[2012/07/30 19:38:17.217261, 1] winbindd/idmap.c:288(idmap_init_named_domain)
  no backend defined for idmap config BUILTIN
[2012/07/30 20:32:52.457185, 3] winbindd/winbindd_dual.c:61(child_read_request)
  child_read_request: read_data failed: NT_STATUS_END_OF_FILE
[2012/07/30 20:33:46.513064, 2] lib/module.c:64(do_smb_load_module)
  Module '/usr/local/lib/samba/idmap/rid.so' loaded
[2012/07/30 20:33:53.189467, 2] libsmb/cliconnect.c:1433(cli_session_setup_kerberos_send)
  Doing kerberos session setup
[2012/07/30 20:45:44.309167, 1] winbindd/idmap.c:201(idmap_init_domain)
  idmap range not specified for domain CONSTANAS01
Does anybody know what I'm doing wrong?
Thanks in advance for your help!
Grt,
Constantijn.