
Anyone using Red Hat Identity, Free IPA with FreeNAS 11

Howard Swope

Newbie
Joined
Nov 19, 2015
Messages
25
Just checking in to see if there has been any traction with this. FreeIPA support was working in FreeNAS 10 (which I am still using). I obviously want to move to 11, but need it to work with my security. Thanks for any information on this issue.
 

Howard Swope

Newbie
Joined
Nov 19, 2015
Messages
25
Thanks for the response. I may need to try to spin up a version in a VM and see if I can get it to work again. But it was just so easy in FreeNAS 10, I was hoping similar support would eventually find its way to 11:
freenas-ipa.png
 

xenu

Newbie
Joined
Nov 12, 2015
Messages
24
I have FreeIPA setup at home to work with my FreeNAS 11.3 install. I just configured "Directory Services" -> "LDAP", "Kerberos Realms" and "Kerberos Keytabs". I use it for kerberized NFSv4 shares.
 

Howard Swope

Newbie
Joined
Nov 19, 2015
Messages
25
Thanks for the info... I am using SMB shares as they seem the most versatile in my mixed environment. I am able to secure them for individual FreeIPA users with FreeNAS 10, but was never able to get it to work on 9 and have not tried on 11. I played around with setting up NFS shares a while ago, but could never get them to play well on Mac and Windows or secure them for individuals. But it certainly could be from my ignorance regarding NFS.
 

KrisBee

FreeNAS Expert
Joined
Mar 20, 2017
Messages
1,006
> I have FreeIPA setup at home to work with my FreeNAS 11.3 install. I just configured "Directory Services" -> "LDAP", "Kerberos Realms" and "Kerberos Keytabs". I use it for kerberized NFSv4 shares.

@xenu I wonder if you could give some more detail about this. For instance, is your FreeNAS 11.3 host actually enrolled on your FreeIPA server and listed by an "ipa host-find" after a "kinit admin"? Aren't you also using your FreeIPA server for the FreeNAS DNS and NTP to get Kerberos to work with FreeNAS NFSv4 shares?
 

xenu

Newbie
Joined
Nov 12, 2015
Messages
24
@KrisBee I manually added my FreeNAS to FreeIPA as a host, and created a certificate through FreeIPA, a DNS entry, and keytabs for the host and NFS service principal.
I then added those certificates (host and FreeIPA CA) and keytabs to FreeNAS. It shows as 'enrolled' in the FreeIPA host list and ipa host-find shows:
Code:
$ ipa host-find | grep freenas01
Host name: freenas01.ipa.mydomain.de
Operating system: FreeBSD (FreeNAS)
Certificate: ...
Subject: CN=freenas01.ipa.mydomain.de,O=IPA.MYDOMAIN.DE
...more cert info...
Principal alias: host/freenas01.ipa.mydomain.de@IPA.MYDOMAIN.DE
Groups allowed to retrieve keytab: admins

And I use my FreeIPA server as NTP and DNS for my FreeNAS as you mentioned.

@Howard Swope Last time I wanted to try, Windows 10 NFS support was exclusive to their Enterprise version and I only had a Pro license. From what I have read it is now supported with Windows 10 Pro.
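
The manual enrolment steps described in the post above (DNS entry, host entry, NFS service principal, certificate, keytabs), sketched as an added example; these are not xenu's own commands and not part of the thread. The host name and realm come from the thread; the IP address, IPA server name, file names, the zone split and the `IPA_APPLY` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): manual FreeIPA enrolment steps for a FreeNAS host.
# Run on an IPA-enrolled admin machine after `kinit admin`.
# Dry run by default; set IPA_APPLY=1 to execute the commands.

# Host name and realm are taken from the thread; the IP address, IPA server
# name and file names are assumed placeholders.
HOST_FQDN="${HOST_FQDN:-freenas01.ipa.mydomain.de}"
REALM="${REALM:-IPA.MYDOMAIN.DE}"
HOST_IP="${HOST_IP:-192.0.2.10}"
IPA_SERVER="${IPA_SERVER:-ipa01.ipa.mydomain.de}"
KEYTAB="${KEYTAB:-freenas01.keytab}"

step() {   # print the command; execute it only when IPA_APPLY=1
    echo "+ $*"
    if [ "${IPA_APPLY:-0}" = 1 ]; then "$@"; fi
}

enroll_plan() {
    zone="${HOST_FQDN#*.}"      # assumes the DNS zone is everything after the first label
    short="${HOST_FQDN%%.*}"
    step ipa dnsrecord-add "$zone" "$short" --a-rec="$HOST_IP"
    step ipa host-add "$HOST_FQDN" --os="FreeBSD (FreeNAS)"
    step ipa service-add "nfs/$HOST_FQDN"
    # CSR subject mirrors the certificate subject shown in the ipa host-find output
    step openssl req -new -newkey rsa:2048 -nodes -keyout "$short.key" \
        -out "$short.csr" -subj "/O=$REALM/CN=$HOST_FQDN"
    step ipa cert-request "$short.csr" --principal="host/$HOST_FQDN"
    # ipa-getkeytab appends to an existing keytab file, so both principals share one file
    for svc in host nfs; do
        step ipa-getkeytab -s "$IPA_SERVER" -p "$svc/$HOST_FQDN@$REALM" -k "$KEYTAB"
    done
}

# Reads `klist -k` output on stdin and prints each expected principal that is absent.
missing_principals() {
    listing=$(cat)
    for svc in host nfs; do
        p="$svc/$HOST_FQDN@$REALM"
        printf '%s\n' "$listing" | awk -v p="$p" '$2 == p {f=1} END {exit !f}' || echo "$p"
    done
}

enroll_plan
if [ "${IPA_APPLY:-0}" = 1 ]; then
    klist -k "$KEYTAB" | missing_principals
fi
```

Running `ipa-getkeytab` generates new keys for the principal, so any keytab retrieved earlier for the same principal stops working; fetch the keytab once and upload that file under "Kerberos Keytabs".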
 

KrisBee

FreeNAS Expert
Joined
Mar 20, 2017
Messages
1,006
@xenu Thanks for the extra input. I used CentOS 7 about a year ago to set up a FreeIPA server, a separate fileserver and a CentOS 7 desktop client at home, all as virtual machines, just to get an idea of what FreeIPA was about. The desktop client had an automounted home directory via kerberized NFS. But I never got as far as trying to enroll a FreeNAS to complete the exercise. Perhaps it's time I tried to get this to work.
 
Joined
Feb 5, 2020
Messages
2
> I have FreeIPA setup at home to work with my FreeNAS 11.3 install. I just configured "Directory Services" -> "LDAP", "Kerberos Realms" and "Kerberos Keytabs". I use it for kerberized NFSv4 shares.

Hi! Do you have a tutorial for this? Or maybe a website? I've also started with a new FreeIPA server. I'm trying a lot, but good info-stuff is rare to find. :/
I need some further education. ;)
Thanks for any advice
 