ndboost
I have a Win2k12 R2 box that is configured with AD, DHCP, DNS, NTP and has the Unix extensions role added to it.
My FreeNAS box is registered to the domain (I can see it in the list of computers); it's using my default administrator AD ID right now.
If I'm running as root on the NAS, I can run `ldapsearch` and I get a list back of data from AD. CIFS shares work great when authenticating against AD and permissions are right. I can also do things like `id <someaduser>` and I can see their associated Unix attributes and information from AD.
However, if I run as a non-root AD-based user over SSH, `ldapsearch` returns errors. I know if I run `kinit` and re-authenticate with my non-root AD user, the tmp file is created, and then `ldapsearch` works fine for that session.
Code:
```
# ssh into the nas as an AD user, authenticates fine
mikedevita $ ldapsearch
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) (open(/tmp/krb5cc_501): No such file or directory)
```
I have a MacBook which uses AFP shares, and it cannot authenticate; it just says invalid password with not much more detail.
So it seems I have two issues here:
1. NAS box has issues running searches against "ldap" domain with non-root users
2. Non-Windows machines have authentication issues when trying to browse shares over AFP