TFTP mangling AD usernames

Status
Not open for further replies.

HeloJunkie

Patron
Joined
Oct 15, 2014
Messages
300
System Information
Hostname ratchet
Build FreeNAS-9.3-STABLE-201506232120
Platform Intel(R) Pentium(R) CPU J2900 @ 2.41GHz
Memory 16060MB
System Time Mon Jun 29 17:14:33 PDT 2015
Uptime 5:14PM up 5 days, 13 mins, 1 user
Load Average 0.02, 0.11, 0.09



We are running the AD connector on this server and it works great. We are able to manage shares on this device with no problems. Today I decided to set up TFTP to start pushing some Cisco configs over and ran into an issue.

When I configured the tftp service, under username I entered:

Code:
ECSD\intermapper


This is a valid username on our AD (and autocompletes) and this user has access to the directory in question where I will be writing my TFTP files. When this did not work, I tried a local user and it worked just great, so I went to the logs and saw this:

Code:
Jun 29 17:11:33 ratchet tftpd[63668]: ECSDintermapper: no such user
Jun 29 17:11:37 ratchet tftpd[63686]: ECSDintermapper: no such user
Jun 29 17:11:42 ratchet tftpd[63728]: ECSDintermapper: no such user
Jun 29 17:11:48 ratchet tftpd[63778]: ECSDintermapper: no such user
Jun 29 17:11:55 ratchet tftpd[63836]: ECSDintermapper: no such user


It would appear that tftp is taking ECSD/intermapper (a valid user) and turning it into ECSDintermapper (an invalid username).

As I noted, all other shares use the AD users correctly.

I attempted to place a / in front of the \ in hopes I could escape the \ out, but I just got this error from FreeNAS:

Code:
The user ECSD/\intermapper is not valid.


So I am looking for help in getting this working with my AD.

Thanks
 

HeloJunkie

Thanks for the suggestion @danb35 but we tried that as well - no go!

  • The user ECSD\\intermapper is not valid.
 
dlavigne

Guest
Does FreeBSD's TFTP daemon even support AD users? I would be surprised if it does...
 

HeloJunkie

I don't think it is the tftp but the underlying auth mechanism that is responsible for the login. For example, when you go to select the username in the tftp config screen, it shows all of the AD users as well as local users. So it is seeing those accounts.
 
dlavigne

Guest
That would most likely be pam.d. You could create a feature request at bugs.freenas.org asking that it be added (or report it as a bug if you see it more as a bug than a feature). If you do, post the issue number here.
 

HeloJunkie

OK, but I thought pam.d also took care of the underlying authentication of my CIFS shares as well and those work just fine with AD usernames. Or is pam.d not involved in that process?
 
dlavigne

Guest
I don't think it is... If you create a bug report, the dev will know.
 