plungerman (Cadet; joined Aug 17, 2012; messages: 1)
Version: FreeNAS-8.3.0-BETA1-x64 (r12054); see LDAP configuration below.
Greetings,
I have been attempting to configure FreeNAS 8.x with LDAP auth, but with no luck. The error that is displayed in the web GUI is "The service could not be started." We are using AFP, NFS and CIFS shares, but the LDAP service fails to start with all of them disabled or with any combination of them enabled and disabled, so I don't think it could be related to the shares. The samba log displays no errors about LDAP auth, which it will do if there is a problem (I set the password to NULL and an LDAP error was reported in the samba log).
I can confirm that communication between the FreeNAS server and the LDAP server works fine. For example, the following works:
ldapsearch -v -d5 -H ldap://10.2.2.19:389 -D "cn=***x, ou=staff, o=campus" -w ******
In addition, using tcpdump, I can see the communication traffic over port 389 on both the FreeNAS server and the LDAP server:
tcpdump -i em0 port 389
Lastly, I tested python-ldap with a simple script and it was able to communicate with the LDAP server from the FreeNAS server (see code below).
Can anyone confirm that the LDAP service is indeed working? Any advice or pointers on how to track down this problem would be greatly appreciated.
Thanks in advance.
LDAP software: Novell
LDAP config:
host 10.2.2.19
base o=***x
rootbinddn cn=***x, ou=staff,o=***x
pam_password clear
nss_override_attribute_value loginShell /bin/sh
nss_base_passwd o=***x
nss_base_group o=***x
ldap_version 3
timelimit 30
bind_timelimit 30
bind_policy soft
pam_ldap_attribute uid
uri ldap://10.2.2.19/
port 389
ldap_test.py:

import ldap

AUTH_LDAP_SERVER = '10.2.2.19'
AUTH_LDAP_PORT = '389'
AUTH_LDAP_BASE_USER = "cn=***x,ou=staff,o=campus"
AUTH_LDAP_BASE_PASS = "***x"
username = 'foobar'
# NB: an empty password turns simple_bind_s() into an LDAPv3 unauthenticated
# bind, which succeeds without checking any credential; use a real password
# when the goal is to test user authentication rather than connectivity.
password = ''
base = "o=campus"
scope = ldap.SCOPE_SUBTREE
# no whitespace between the components of an AND filter (RFC 4515)
search_filter = "(&(objectclass=person)(cn=%s))" % username
ret = ['givenName', 'sn', 'email']

l = ldap.initialize('ldap://%s:%s' % (AUTH_LDAP_SERVER, AUTH_LDAP_PORT))
l.protocol_version = ldap.VERSION3
# bind with the service account, then look up the user's entry
l.simple_bind_s(AUTH_LDAP_BASE_USER, AUTH_LDAP_BASE_PASS)
result_id = l.search(base, scope, search_filter, ret)
result_type, result_data = l.result(result_id, 2)
# re-bind as the user to verify the user's own password
l.simple_bind_s(result_data[0][0], password)
group = result_data[0][0].split(',')[1]
print(result_type)
print(group)
first_name = result_data[0][1]['givenName'][0]
last_name = result_data[0][1]['sn'][0]
print(first_name)
print(last_name)
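A hardened version of the bind/search/bind flow in ldap_test.py, added here as an example; it is neither the poster's nor FreeNAS's own code. It assumes only python-ldap's method names (simple_bind_s, search_s) and runs offline against a constructed in-memory FakeDirectory whose DNs, entries and passwords are made up.

```python
SCOPE_SUBTREE = 2  # the value python-ldap uses for ldap.SCOPE_SUBTREE


def escape_filter_chars(value):
    """Escape RFC 4515 specials so user input cannot change the filter's meaning."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)


def authenticate(conn, base, service_dn, service_pw, username, password):
    """Return the user's DN if the password is correct, otherwise None."""
    # An LDAPv3 simple bind with a DN and an EMPTY password is an *unauthenticated*
    # bind: it succeeds without checking anything, so a script that forwards ''
    # (as ldap_test.py above does) would accept any known username.
    if not password:
        return None
    conn.simple_bind_s(service_dn, service_pw)  # service account does the lookup
    flt = '(&(objectclass=person)(cn=%s))' % escape_filter_chars(username)
    hits = conn.search_s(base, SCOPE_SUBTREE, flt, ['givenName', 'sn'])
    if len(hits) != 1:  # require exactly one entry before trusting the DN
        return None
    user_dn = hits[0][0]
    try:
        conn.simple_bind_s(user_dn, password)  # verify the password as the user
    except Exception:  # python-ldap raises ldap.INVALID_CREDENTIALS here
        return None
    return user_dn


class FakeDirectory:
    """Constructed stand-in for the LDAP server, same method shapes as python-ldap."""
    def __init__(self, entries, passwords):
        self.entries, self.passwords = entries, passwords

    def simple_bind_s(self, dn, pw):
        # Empty password succeeds silently, exactly like a real unauthenticated bind.
        if pw and self.passwords.get(dn) != pw:
            raise Exception('invalid credentials')

    def search_s(self, base, scope, flt, attrs):
        cn = flt.split('(cn=')[1][:-2]  # toy matcher: literal cn compare only
        return [(dn, a) for dn, a in self.entries.items()
                if a['cn'][0] == cn and dn.endswith(base)]


def build_sample_directory():
    """Constructed sample data laid out like the poster's o=campus tree."""
    entries = {'cn=foobar,ou=people,o=campus': {'cn': ['foobar'], 'givenName': ['Foo']},
               'cn=svc,ou=staff,o=campus': {'cn': ['svc']}}
    passwords = {'cn=foobar,ou=people,o=campus': 'hunter2', 'cn=svc,ou=staff,o=campus': 'svc-pw'}
    return FakeDirectory(entries, passwords)
```

Against a real server, pass an `ldap.initialize()` connection in place of the FakeDirectory; the service-account bind is left to raise so a misconfigured rootbinddn fails loudly.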