verify AD ldap user used

peter boos

Dabbler
Joined
Sep 21, 2020
Messages
35
Hi

In our Samba environment we would like to change our password policies, excluding some accounts.
However, I'm not 100% sure which account was used for LDAP lookup syncing AD with FreeNAS-11.3-U1.
Is there some way to see which account was used?
Also, when it turns out to be the wrong user, I assume re-entering it in the left menu LDAP, and re-entering creds (which currently show blanks while it works???).
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,553
Behavior after FreeNAS 11.2 is to exclusively use our AD machine account / Computer Object / "<netbiosname>$" for querying things in AD.
 

peter boos

Would that also count for machines that got upgraded from past versions?
(It's been running a little bit longer here.)
 

anodos

Easiest way to verify is to check whether you have an AD_MACHINE_ACCOUNT Kerberos keytab present on the server, and a Kerberos principal is selected in your AD form.
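
One way to carry out the keytab check suggested above is to list the principals stored in a copy of the keytab and look for the "<netbiosname>$" machine account. This is an added example, not part of the thread and not FreeNAS code. It assumes the common version 0x0502 keytab layout; the function names, the realm EXAMPLE.LOCAL, the host NAS01 and the all-zero keys are constructed for illustration.

```python
import struct

def _counted(buf, off):
    """Read a uint16-length-prefixed string; return (text, new offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n].decode("utf-8", "replace"), off + 2 + n

def keytab_principals(data):
    """Return sorted unique (principal, kvno) pairs; key bytes are never returned."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    found, pos = set(), 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # negative size marks a deleted entry (hole)
            pos += -size
            continue
        entry, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", entry, 0)
        realm, off = _counted(entry, 2)
        comps = []
        for _ in range(ncomp):
            text, off = _counted(entry, off)
            comps.append(text)
        off += 8                           # skip name type and timestamp
        kvno = entry[off]                  # 8-bit key version number
        (keylen,) = struct.unpack_from(">H", entry, off + 3)
        off += 5 + keylen                  # skip kvno8, key type, key length, key bytes
        if len(entry) - off >= 4:          # optional 32-bit kvno overrides when non-zero
            kvno = struct.unpack_from(">I", entry, off)[0] or kvno
        found.add(("/".join(comps) + "@" + realm, kvno))
    return sorted(found)

def has_machine_account(principals, netbios_name):
    """True if a '<netbiosname>$' principal is present (case-insensitive)."""
    want = netbios_name.upper() + "$"
    return any(p.split("@")[0].upper() == want for p, _ in principals)

def _entry(realm, comps, kvno, key=b"\x00" * 32):
    """Build one constructed keytab entry (AES256 key type 18, dummy key)."""
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    body = struct.pack(">H", len(comps)) + cs(realm) + b"".join(map(cs, comps))
    body += struct.pack(">IIBHH", 1, 0, kvno, 18, len(key)) + key + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample keytab: machine account plus a host service principal.
SAMPLE = (b"\x05\x02" + _entry("EXAMPLE.LOCAL", ["NAS01$"], 3)
          + _entry("EXAMPLE.LOCAL", ["host", "nas01.example.local"], 3))
```

For a real check, pass the bytes of the server's keytab file to `keytab_principals` and compare the result against the NetBIOS name configured in the AD form.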
 