I have a fresh 'FreeNAS-11-MASTER-201706070410 (7b5c3aa)' installation. The AD DC is on CentOS 6 + Samba 4 and authenticates Windows 7-10 machines OK. The AD scheme is very simple: all users are in one default ou=Users. I'm trying to configure FreeNAS through the web interface.
I've created an SMB share and it is accessible on the network, but I have to set 'allow guests' in FreeNAS to access it, as AD authentication doesn't work yet.
Also, under Services -> SMB I've changed 'WORKGROUP' to 'XYZ' (domain name in caps without '.com'). I also tried with 'com' and lowercase letters.
Auxiliary parameters: //tried with & without them
workgroup = XYZ
realm=xyz.com
FreeNAS network config:
Hostname: fs
Domain: xyz.com
IPv4 Default Gateway: 192.168.199.8 //router
IPv6 Default Gateway: //empty
Nameserver 1: 192.168.199.6 //dc
Nameserver 2: //empty
Nameserver 3: //empty
On the AD DC I've created a user 'freenas01' and added him to the 'Domain Admins' group.
I created the machine 'fs' and gave the 'freenas01' user 'full control' security permissions on it.
I'm trying to set up Active Directory authentication for an SMB share.
In Directory -> Directory Service -> Active Directory:
Domain Name (DNS/Realm-Name): xyz.com
Domain Account Name: freenas01
Domain Account Password: xyz12345
Enable: checked
When I click save I get the error: {'desc': "Can't contact LDAP server"}
I'm trying to figure out how to correctly fill in the following fields in Advanced:
User Base: cn=Users,dc=xyz,dc=com
Group Base: //empty
Site Name: Default-First-Site-Name
Domain Controller: 192.168.199.6
Global Catalog Server: 192.168.199.6:389 //without port 389 I get an additional error: 'Invalid Host/Port: [Errno 61] Connection refused'
Kerberos Realm: //tried empty & tried creating one on the Kerberos realms tab (see below) & then setting it here, no luck.
AD timeout: 60
DNS timeout: 60
Kerberos Principal: //empty
Idmap backend: rid
Winbind NSS Info: rfc2307
SASL wrapping: plain
Enable: checked
NetBIOS name: fs
NetBIOS alias: //empty
Kerberos realms tab:
Realm: xyz.com
KDC: 192.168.199.6:88
Admin Server: 192.168.199.6
Password Server: 192.168.199.6:464
When I click save it doesn't say anything about ports, but I'm not sure about Admin Server not having a port or the others having them :(
I also tried configuring LDAP on the LDAP tab, but I get the error 'Notice: samba extensions not detected. CIFS authentication to LDAP disabled'.
Hostname: 192.168.199.6
Base DN: dc=xyz,dc=com
Bind DN: cn=freenas01,cn=users,dc=xyz,dc=com
Bind password: xyz12345
Enable: checked
I have no encryption enabled, no LDAPS, etc.
Please help.
Docs used:
https://doc.freenas.org/11/directoryservice.html
https://www.mai-hawaii.com/FreeNAS-AD/FreeNAS_9.3.x_setup#Setting_up_Active_Directory_.26_CIFS