verify AD ldap user used

[peter boos]

Hi

In our samba environment we would like to change our password policies, excluding some accounts.
However i'm not 100% sure which account was used for ldap lookup syncing AD with FreeNAS-11.3-U1
Is there someway to see which account was used ?.
Also when it turns out to be the wrong user
I assume re-entering it in leftmenu ldap, and re-entering creds (who currently show blancs while it works???).

 

[anodos]

Hi

In our samba environment we would like to change our password policies, excluding some accounts.
However i'm not 100% sure which account was used for ldap lookup syncing AD with FreeNAS-11.3-U1
Is there someway to see which account was used ?.
Also when it turns out to be the wrong user
I assume re-entering it in leftmenu ldap, and re-entering creds (who currently show blancs while it works???).

Behavior after FreeNAS 11.2 is to exclusively use our AD machine account / Computer Object / "<netbiosname>$" for querying things in AD.

 

[peter boos]

would that also count for machines who got upgraded from past versions ?
(its been running a little bit longer here)

 

[anodos]

would that also count for machines who got upgraded from past versions ?
(its been running a little bit longer here)

Easiest way to verify is to check whether you have an AD_MACHINE_ACCOUNT kerberos keytab present on server, and a Kerberos principal is selected in your AD form.

 

[peter boos]

Ah yes fine, that's great its present.
thanks!

 

[anodos]

Ah yes fine, that's great its present.
thanks!

As always, upgrade during a maintenance window, and think through upgrade steps before-hand (and steps to revert if necessary).