All,
The company that I work at is evaluating FreeNAS, so I've setup a small FreeNAS server, created a simple USF volume and then created a "test" CIFS share.
We have an existing LDAP server that's been in place and has been working for a long time for other projects. What I can't seen to get working is authenticating a valid user in LDAP to FreeNAS. When I try to connect to the "test" CIFS share, I get "access denied" message. When I login to our LDAP server and look through the logs, I see this... (see below)
[31/Oct/2012:11:27:05 -0400] conn=197708 op=2 SRCH base="dc=mcna,dc=net" scope=2 filter="(&(uid=tbell)(objectClass=sambaSamAccount))" attrs="uid uidNumber gidNumber homeDirectory sambapwdlastset sambapwdcanchange sambapwdmustchange sambalogontime sambalogofftime sambakickofftime cn sn displayName sambahomedrive sambahomepath sambalogonscript sambaprofilepath description sambauserworkstations sambasid sambaprimarygroupsid sambalmpassword sambantpassword sambadomainname objectClass sambaacctflags sambamungeddial sambabadpasswordcount sambabadpasswordtime sambapasswordhistory modifyTimestamp sambalogonhours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos"
The bold section above shows that it's looking for "sambaSamAccount" object class. Now the question I have for the group is, do I REALLY need to add the Samba Schema to our LDAP server or can I adjust FreeNAS somehow to not try to look for the "sambaSamAccount" objectClass? I ran a grep on the entire system volume and cannot find any config file that allows me to change the objectClass type it's looking for. I did however find a few binary files that have that string in it, but of course I cannot change them.
So is there some additional config that I can add that will change this?
I was able to search the forums and found someone else that has a similar problem, see link below. Was anyone able to help them or solve the problem?
http://forums.freenas.org/showthread.php?8347-Another-problem-with-the-LDAP-(OpenLDAP)
Thanks for your help in advance,
Tom
The company that I work at is evaluating FreeNAS, so I've setup a small FreeNAS server, created a simple USF volume and then created a "test" CIFS share.
We have an existing LDAP server that's been in place and has been working for a long time for other projects. What I can't seen to get working is authenticating a valid user in LDAP to FreeNAS. When I try to connect to the "test" CIFS share, I get "access denied" message. When I login to our LDAP server and look through the logs, I see this... (see below)
[31/Oct/2012:11:27:05 -0400] conn=197708 op=2 SRCH base="dc=mcna,dc=net" scope=2 filter="(&(uid=tbell)(objectClass=sambaSamAccount))" attrs="uid uidNumber gidNumber homeDirectory sambapwdlastset sambapwdcanchange sambapwdmustchange sambalogontime sambalogofftime sambakickofftime cn sn displayName sambahomedrive sambahomepath sambalogonscript sambaprofilepath description sambauserworkstations sambasid sambaprimarygroupsid sambalmpassword sambantpassword sambadomainname objectClass sambaacctflags sambamungeddial sambabadpasswordcount sambabadpasswordtime sambapasswordhistory modifyTimestamp sambalogonhours modifyTimestamp uidNumber gidNumber homeDirectory loginShell gecos"
The bold section above shows that it's looking for "sambaSamAccount" object class. Now the question I have for the group is, do I REALLY need to add the Samba Schema to our LDAP server or can I adjust FreeNAS somehow to not try to look for the "sambaSamAccount" objectClass? I ran a grep on the entire system volume and cannot find any config file that allows me to change the objectClass type it's looking for. I did however find a few binary files that have that string in it, but of course I cannot change them.
So is there some additional config that I can add that will change this?
I was able to search the forums and found someone else that has a similar problem, see link below. Was anyone able to help them or solve the problem?
http://forums.freenas.org/showthread.php?8347-Another-problem-with-the-LDAP-(OpenLDAP)
Thanks for your help in advance,
Tom
