cifs problems since 8.0.3

Status
Not open for further replies.

heupink

Dabbler
Joined
Jan 12, 2012
Messages
16
Hi all,

We are running a samba/openldap network. Freenas has to be part of that domain, and share certain folders over cifs. We started using this since version 8 betas, and it stopped working since version 8.0.3.

In short, this is what I have done:
- create a fresh freenas install
- configure ssh and ldap client
-> works, ldap users can logon via ssh

Then I configured cifs:
- authentication model: local user
- netbiosname: I choose 'NAS'
- workgroup: our nt4 domain name
- unchecked local master
- unchecked time server
- checked allow guest access
- unchecked only allow guest access

Now, when starting cifs, to my surprise I noticed that freenas creates a new samba domain in my ldap directory, called NAS. (its own netbios name)
(new domain, with a new random sid) This was unexpected: I don't want a new domain, I want freenas to participate in our existing domain.

It also doesn't work, because when connecting from winxp, we see the following error: "A device attached to the system is not functioning." and we cannot access any shares.

In the samba logs, we see:

The primary group domain sid (S-1-5-21-3982698809-*********-1300696210-513) does not match the domain sid (S-1-5-21-90839350-yyyyyyyyy-868425949) for username (S-1-5-21-90839350-yyyyyyyyy-868425949-3028)

We can obviously see that they don't match: username & domain sid are for our current domain, and primary group domain sid is for the NEW domain that freenas created in ldap.

So, am I missing something obvious? Is this not the way to integrate freenas in an existing domain? In freenas 8.0.3, samba was upgraded from 3.5.11 to 3.6.1, this probably has to do with the new behaviour...

Any clues here?

Thanks in advance!
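The mismatch reported in the log line above can be checked mechanically. This is an added example, not part of the original post: it parses that smbd message, splits each SID into domain SID and RID, and reports which side disagrees with the server's domain SID. The sample log lines and all SID values in it are constructed.

```python
import re
from collections import Counter

# Matches the smbd message quoted in the post; whitespace before "(" is optional.
MISMATCH_RE = re.compile(
    r"primary group domain sid\s*\((?P<group>S-[\d-]+)\)\s+does not match "
    r"the domain sid\s*\((?P<domain>S-[\d-]+)\)\s+for username\s*\((?P<user>S-[\d-]+)\)"
)

def split_sid(sid):
    """Split an account SID into (domain SID, RID); the RID is the last sub-authority."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def find_mismatches(lines):
    """Return one finding per mismatch message, with both sides compared to the server's SID."""
    findings = []
    for line in lines:
        m = MISMATCH_RE.search(line)
        if not m:
            continue
        group_domain, group_rid = split_sid(m["group"])
        user_domain, user_rid = split_sid(m["user"])
        findings.append({
            "expected_domain": m["domain"],
            "group_domain": group_domain,
            "group_rid": group_rid,  # 513 is the well-known "Domain Users" RID
            "user_rid": user_rid,
            "user_in_expected_domain": user_domain == m["domain"],
            "group_in_expected_domain": group_domain == m["domain"],
        })
    return findings

def foreign_domains(findings):
    """Count domain SIDs that primary groups point at but the server does not expect."""
    return Counter(f["group_domain"] for f in findings
                   if not f["group_in_expected_domain"])

# Constructed sample input: SID values are made up, not taken from the post.
OLD = "S-1-5-21-4444444444-5555555555-6666666666"
NEW = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_LOG = [
    f"The primary group domain sid ({NEW}-513) does not match the domain sid ({OLD}) for username ({OLD}-3028)",
    "unrelated constructed log line",
    f"The primary group domain sid({NEW}-513) does not match the domain sid({OLD}) for username({OLD}-3031)",
]

if __name__ == "__main__":
    for sid, count in foreign_domains(find_mismatches(SAMPLE_LOG)).items():
        print(f"{count} account(s) have a primary group in unexpected domain {sid}")
```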
 

heupink

Dabbler
Joined
Jan 12, 2012
Messages
16
66 views, and no reply... :-(

Am I perhaps missing something incredibly obvious that nobody bothers to tell me, or am I the only one seeing this behaviour..?
 

hraynor

Dabbler
Joined
Apr 13, 2013
Messages
12
I'm seeing the EXACT same thing in the very latest FreeNAS (FreeNAS-8.3.1-RELEASE-x64 (r13452)).

Have tried the various suggestions in ticket 1158 with only partial success.

Is there any fix yet for this bug? This would seem to be a MAJOR one for a NAS? This has been hounding me for some time. Was planning on using FreeNAS with a large (for me) array using ZFS.

Am trying to use CIFS with LDAP integration to an OLD style PDC domain running ClearOS 5.2 (Samba 3, no Active Directory). Will be upgrading to ClearOS 6.4 shortly for LDAP/domain controller, but still be old Samba 3 style (no AD).

Any help?
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
I don't have your problem, but my guess is you have something misconfigured somewhere. Maybe with FreeNAS, maybe with LDAP. I don't know, but something as significant as this would be a show-stopper for many people. I can't imagine this issue (if it were from FreeNAS) wouldn't be fixed or very well documented. The obscurity of the issue makes me think user/admin error somewhere.
 

heupink

Dabbler
Joined
Jan 12, 2012
Messages
16
I still have this problem too. We're still on 8.0.2 because of this issue. :-(
I guess it has something to do with the updated samba versions in newer freenas. However...my primary fileserver runs 3.6.6 without issues...
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
> I still have this problem too. We're still on 8.0.2 because of this issue. :-(
> I guess it has something to do with the updated samba versions in newer freenas. However...my primary fileserver runs 3.6.6 without issues...

You do realize you have several vulnerabilities you are open to since you aren't on the latest?
 

heupink

Dabbler
Joined
Jan 12, 2012
Messages
16
I do realise that, yes. But since more recent freenas just won't work (I pretty much tried every release since 8.0.2) it's either that, or stop using freenas at all.

And yes: something somewhere must be wrong, perhaps on my end, otherwise everybody would have complained. I realise that. But the rest of my network (all centred around the same domain/ldap servers) works perfectly. It's only freenas that fails to integrate.
 

hraynor

Dabbler
Joined
Apr 13, 2013
Messages
12
> I don't have your problem, but my guess is you have something misconfigured somewhere. Maybe with FreeNAS, maybe with LDAP. I don't know, but something as significant as this would be a show-stopper for many people. I can't imagine this issue (if it were from FreeNAS) wouldn't be fixed or very well documented. The obscurity of the issue makes me think user/admin error somewhere.

Sorry for the delay in responding, business travel was killing me the last month.

I would hope that my issue WERE a misconfiguration, but I can't find ANYWHERE where anyone has stated successfully getting FreeNAS to authenticate with ClearOS via LDAP for CIFS. Or FreeNAS 8.3.x to Samba 3.0.

In fact, if one were to look at the CIFS configuration, it doesn't have configuration parameters to even tell FreeNAS to be a domain member. It appears that it's focused on being a server in a workgroup (look at the generated smb.conf). That said, I can override the options to FORCE the correct smb.conf settings in the "Auxiliary Parameters" box, but no direct options.

As well, at best I have to drop to the shell to even join the domain. And while after some shell wizardry (including some of the tips in that bug report) I can basically get it working (in the ClearOS domain, authenticating CIFS via LDAP), on a reboot this disappears.

Unfortunately COS doesn't support Active Directory (except for the paid professional version which I haven't tried) and SAMBA 4 isn't yet in COS (and questionable now whether it will make it into the Community version).

My guess is that the reason few have had an issue with FreeNAS is that they're using Active Directory, and not Samba 3 with old style domains. Unfortunately that's not an easy option for me.
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
> Unfortunately COS doesn't support Active Directory (except for the paid professional version which I haven't tried) and SAMBA 4 isn't yet in COS (and questionable now whether it will make it into the Community version).
>
> My guess is that the reason few have had an issue with FreeNAS is that they're using Active Directory, and not Samba 3 with old style domains. Unfortunately that's not an easy option for me.

Either one of those or both may be the reason why this issue hasn't been identified before. I'm wondering if ClearOS is even following the standard LDAP implementation. The major problem with standards is that companies sometimes think they have a "great idea" that breaks those standards and some people like you that think outside the box and come up with a better plan than the manufacturer find themselves left out in the cold.
 

hraynor

Dabbler
Joined
Apr 13, 2013
Messages
12
> Either one of those or both may be the reason why this issue hasn't been identified before. I'm wondering if ClearOS is even following the standard LDAP implementation. The major problem with standards is that companies sometimes think they have a "great idea" that breaks those standards and some people like you that think outside the box and come up with a better plan than the manufacturer find themselves left out in the cold.

ClearOS uses OpenLDAP, and I don't think anything is weird about the way it is set up. Never had any problems integrating it with other applications requiring LDAP, so long as I specify the base DN, etc. correctly.

In fact, no real issues with getting basic LDAP to work either, i.e. I can configure LDAP integration in FreeNAS, go to the shell and type "getent passwd" and "getent group", etc. and all work, as well as login with an LDAP user via ssh.

Issue is more around CIFS. So now that I have LDAP setup, how do I configure CIFS to join the ClearOS domain?? (note: that ClearOS correctly configures OpenLDAP to work with Samba 3, other than having to change a couple registry settings on Windows to allow support for older PDC/BDC support, never had any issues here).

But the CIFS page on FreeNAS doesn't appear to correctly configure smb.conf for domain based authentication, doesn't attempt to join the domain, etc... All of that I have to do manually from the shell. Don't think that any of this is a ClearOS issue, other than perhaps not supporting AD in the Community version.

So I take this to mean that there isn't officially any Samba 3.0 (or older Windows PDC/BDC (non AD)) support in the current FreeNAS, correct? At least not from the web interface. Or am I missing anything here?

As I stated, I CAN get it to work, through a lot of shell work and adding some entries to Additional Parameters (or manually editing smb.conf, whichever). But that doesn't survive a reboot (need to do "net rpc join" again after reboot).

Would be very nice to have FreeNAS officially support joining a Samba 3.0 domain...

I guess one question I have is that if I have to manually join the domain from the shell, and configure CIFS, should I be configuring LDAP on FreeNAS at all? Understand that not configuring LDAP would mean I couldn't SSH with an LDAP account into FreeNAS (not that I particularly care about this), but do I need to do this in order to get CIFS to work and join a Samba 3 domain?

Thanks!
 