FreeNAS 11.2 & FreeIPA 4.6.4 - LDAP is confusing...

bako

Dabbler
Joined
Jul 10, 2019
Messages
19
Can anybody direct me to some UP-TO-DATE docs or what not on setting up FreeNAS to use FreeIPA?

I keep getting the error uwsgi: [middleware.exceptions:36] [MiddlewareError: LDAP failed to reload.] when I try to setup the LDAP section in the Web UI.

The account info for the FreeNAS server to use:
Code:
  dn: uid=freenas,cn=users,cn=accounts,dc=neverland,dc=ddns,dc=me
  uid: freenas
  givenname: IX
  sn: Systems
  cn: IX Systems
  initials: IS
  homedirectory: /home/freenas
  gecos: IX Systems
  loginshell: /bin/bash
  krbcanonicalname: freenas@NEVERLAND.DDNS.ME
  krbprincipalname: freenas@NEVERLAND.DDNS.ME
  mail: freenas@neverland.ddns.me
  uidnumber: 734800005
  gidnumber: 734800005
  nsaccountlock: FALSE
  displayName: IX Systems
  ipaUniqueID: 1afb4aac-a053-11e9-b683-00a09839f931
  krbExtraData: AAK1CSNdZnJlZW5hc0BORVZFUkxBTkQuREROUy5NRQA=
  krbLastFailedAuth: 20190710082534Z
  krbLastPwdChange: 20190708091533Z
  krbLoginFailedCount: 0
  krbPasswordExpiration: 20191006091533Z
  memberOf: cn=ipausers,cn=groups,cn=accounts,dc=neverland,dc=ddns,dc=me
  memberOf: cn=services,cn=groups,cn=accounts,dc=neverland,dc=ddns,dc=me
  mepManagedEntry: cn=freenas,cn=groups,cn=accounts,dc=neverland,dc=ddns,dc=me
  objectClass: top
  objectClass: person
  objectClass: organizationalperson
  objectClass: inetorgperson
  objectClass: inetuser
  objectClass: posixaccount
  objectClass: krbprincipalaux
  objectClass: krbticketpolicyaux
  objectClass: ipaobject
  objectClass: ipasshuser
  objectClass: ipaSshGroupOfPubKeys
  objectClass: mepOriginEntry


In the Frenas Web UI:
hostname: unimatrix01.neverland.ddns.me
Base DN: dc=neverland,dc=ddns,dc=me
Bind DN: uid=freenas,cn=users,cn=accounts,dc=neverland,dc=ddns,dc=me
Enable (checkbox): checked.
 

icsy7867

Contributor
Joined
Dec 31, 2015
Messages
167
For what it's worth I tried an LDAP connection to my windows home AD servers. I got the same error.

I might try this again tomorrow if I get a second and report back.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,546
For what it's worth I tried an LDAP connection to my windows home AD servers. I got the same error.

I might try this again tomorrow if I get a second and report back.
The LDAP directory srevice was explictly designed for connection to an OpenLDAP server. It will be unusable with AD unless you've extended the AD LDAP schema with Unix Extensions and applied auxiliary parameters to the SSSD config file to specify the formatting of the relevant LDAP fields. As far as directory services go, 11.2 is a sort of transitional step from the legacy UI to using the new FreeNAS middleware. When you see the error "failed to reload", it means that the start script failed somewhere. When I finish working on the new shadow copy module, I'll revisit the directory services to make sure that errors are being plumbed correctly to the GUI. You might be able to get an idea of where it's failing by manually running the LDAP start script. sh -x /etc/directoryservice/LDAP/ctl start

That said, in FN 12 we'll add a separate directory service plugin for FreeIPA.
 

bako

Dabbler
Joined
Jul 10, 2019
Messages
19
...You might be able to get an idea of where it's failing by manually running the LDAP start script. sh -x /etc/directoryservice/LDAP/ctl start...

Code:
[root@abyss /mnt/MAIN/HOME/binary]# sh -x /etc/directoryservice/LDAP/ctl start
+ . /etc/rc.freenas
+ . /etc/rc.subr
+ : 55994
+ export RC_PID
+ [ -n '' ]
+ _rc_subr_loaded=YES
+ SYSCTL=/sbin/sysctl
+ SYSCTL_N='/sbin/sysctl -n'
+ SYSCTL_W=/sbin/sysctl
+ PROTECT=/usr/bin/protect
+ ID=/usr/bin/id
+ IDCMD='if [ -x /usr/bin/id ]; then /usr/bin/id -un; fi'
+ PS='/bin/ps -ww'
+ JID=0
+ _rc_namevarlist='program chroot chdir env flags fib nice user group groups prepend'
+ kenv -q rc.debug
+ : /data/freenas-v1.db
+ : /var/tmp/freenas_config.md5
+ : /usr/local/bin/sqlite3fn
+ : /var/tmp/rc.conf.freenas
+ : /etc/version
+ : /var/db/system
+ : /data/cd-upgrade
+ : /data/need-update
+ : /data/first-boot
+ : /usr/bin/openssl
+ : /etc/certificates
+ : /etc/certificates/CA
+ : /usr/local/sbin/nginx
+ : /usr/local/etc/nginx
+ : /usr/local/etc/rc.d/nginx
+ : /usr/local/etc/nginx/nginx.conf
+ : 443
+ : 80
+ : /var/tmp/.cache
+ : 2g
+ : 60
+ : /usr/local/etc/sssd/sssd.conf
+ : /usr/local/etc/openldap/ldap.conf
+ : /usr/local/etc/certs/cacert.crt
+ : 0
+ : /etc/ix/templates/pam.d
+ : /etc/pam.d
+ : /etc/nsswitch.conf
+ : /etc/ix/templates/kerberos/krb5.conf
+ : /etc/krb5.conf
+ : /etc/AD.keytab
+ : /usr/local/etc/smb4.conf
+ : /usr/local/bin/warden
+ : /tmp/.ha_mode
+ ls /etc/directoryservice/rc.ActiveDirectory /etc/directoryservice/rc.DomainController /etc/directoryservice/rc.LDAP /etc/directoryservice/rc.NIS
+ . /etc/directoryservice/rc.ActiveDirectory
+ . /etc/rc.subr
+ : 55994
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/ActiveDirectory
+ : /etc/directoryservice/ActiveDirectory/config
+ : /etc/directoryservice/ActiveDirectory/ctl
+ : 10
+ : 10
+ : /usr/local/bin/adtool
+ . /etc/directoryservice/rc.DomainController
+ . /etc/rc.subr
+ : 55994
+ export RC_PID
+ [ -n YES ]
+ return
+ . /etc/directoryservice/rc.LDAP
+ . /etc/rc.subr
+ : 55994
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/LDAP
+ : /etc/directoryservice/LDAP/config
+ : /usr/local/etc/nss_ldap.conf
+ : /usr/local/etc/nss_ldap.secret
+ : /usr/local/etc/openldap/ldap.conf
+ : /usr/local/etc/certs/cacert.crt
+ : 0
+ : /usr/local/bin/ldaptool
+ . /etc/directoryservice/rc.NIS
+ . /etc/rc.subr
+ : 55994
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/NT4
+ : /etc/directoryservice/NT4/ctl
+ : +:::::::::
+ : '+:*::'
+ : +::
+ cifs_file=/tmp/.cifs_LDAP
+ status_file=/var/run/directoryservice.ldap
+ service=/usr/sbin/service
+ python=/usr/local/bin/python
+ notifier=/usr/local/bin/midclt
+ name=ldapctl
+ start_cmd=ldapctl_start
+ status_cmd=ldapctl_status
+ stop_cmd=ldapctl_stop
+ extra_commands=status
+ load_rc_config ldapctl
+ local _name _rcvar_val _var _defval _v _msg _new _d
+ _name=ldapctl
+ false
+ [ -r /etc/defaults/rc.conf ]
+ debug 'Sourcing /etc/defaults/rc.conf'
+ . /etc/defaults/rc.conf
+ rc_info=NO
+ rc_startmsgs=YES
+ rcshutdown_timeout=90
+ early_late_divider=FILESYSTEMS
+ always_force_depends=NO
+ apm_enable=NO
+ apmd_enable=NO
+ apmd_flags=''
+ ddb_enable=NO
+ ddb_config=/etc/ddb.conf
+ devd_enable=YES
+ devd_flags=''
+ kldxref_enable=NO
+ kldxref_clobber=NO
+ kldxref_module_path=''
+ powerd_enable=NO
+ powerd_flags=''
+ tmpmfs=AUTO
+ tmpsize=20m
+ tmpmfs_flags=-S
+ varmfs=AUTO
+ varsize=32m
+ varmfs_flags=-S
+ mfs_type=auto
+ populate_var=AUTO
+ cleanvar_enable=YES
+ local_startup=/usr/local/etc/rc.d
+ script_name_sep=' '
+ rc_conf_files='/etc/rc.conf /etc/rc.conf.local'
+ zfs_enable=NO
+ zfsd_enable=NO
+ gptboot_enable=YES
+ gbde_autoattach_all=NO
+ gbde_devices=NO
+ gbde_attach_attempts=3
+ gbde_lockdir=/etc
+ geli_devices=''
+ geli_tries=''
+ geli_default_flags=''
+ geli_autodetach=YES
+ root_rw_mount=YES
+ root_hold_delay=30
+ fsck_y_enable=NO
+ fsck_y_flags='-T ffs:-R -T ufs:-R'
+ background_fsck=YES
+ background_fsck_delay=60
+ netfs_types='nfs:NFS smbfs:SMB'
+ extra_netfs_types=NO
+ hostname=''
+ hostid_enable=YES
+ hostid_file=/etc/hostid
+ nisdomainname=NO
+ dhclient_program=/sbin/dhclient
+ dhclient_flags=''
+ background_dhclient=NO
+ synchronous_dhclient=NO
+ defaultroute_delay=30
+ defaultroute_carrier_delay=5
+ netif_enable=YES
+ netif_ipexpand_max=2048
+ wpa_supplicant_program=/usr/sbin/wpa_supplicant
+ wpa_supplicant_flags=-s
+ wpa_supplicant_conf_file=/etc/wpa_supplicant.conf
+ firewall_enable=NO
+ firewall_script=/etc/rc.firewall
+ firewall_type=UNKNOWN
+ firewall_quiet=NO
+ firewall_logging=NO
+ firewall_logif=NO
+ firewall_flags=''
+ firewall_coscripts=''
+ firewall_client_net=192.0.2.0/24
+ firewall_simple_iif=ed1
+ firewall_simple_inet=192.0.2.16/28
+ firewall_simple_oif=ed0
+ firewall_simple_onet=192.0.2.0/28
+ firewall_myservices=''
+ firewall_allowservices=''
+ firewall_trusted=''
+ firewall_logdeny=NO
+ firewall_nologports='135-139,445 1026,1027 1433,1434'
+ firewall_nat_enable=NO
+ firewall_nat_interface=''
+ firewall_nat_flags=''
+ dummynet_enable=NO
+ ipfw_netflow_enable=NO
+ ip_portrange_first=NO
+ ip_portrange_last=NO
+ ike_enable=NO
+ ike_program=/usr/local/sbin/isakmpd
+ ike_flags=''
+ ipsec_enable=NO
+ ipsec_file=/etc/ipsec.conf
+ natd_program=/sbin/natd
+ natd_enable=NO
+ natd_interface=''
+ natd_flags=''
+ ipfilter_enable=NO
+ ipfilter_program=/sbin/ipf
+ ipfilter_rules=/etc/ipf.rules
+ ipfilter_flags=''
+ ipnat_enable=NO
+ ipnat_program=/sbin/ipnat
+ ipnat_rules=/etc/ipnat.rules
+ ipnat_flags=''
+ ipmon_enable=NO
+ ipmon_program=/sbin/ipmon
+ ipmon_flags=-Ds
+ ipfs_enable=NO
+ ipfs_program=/sbin/ipfs
+ ipfs_flags=''
+ pf_enable=NO
+ pf_rules=/etc/pf.conf
+ pf_program=/sbin/pfctl
+ pf_flags=''
+ pflog_enable=NO
+ pflog_logfile=/var/log/pflog
+ pflog_program=/sbin/pflogd
+ pflog_flags=''
+ ftpproxy_enable=NO
+ ftpproxy_flags=''
+ pfsync_enable=NO
+ pfsync_syncdev=''
+ pfsync_syncpeer=''
+ pfsync_ifconfig=''
+ tcp_extensions=YES
+ log_in_vain=0
+ tcp_keepalive=YES
+ tcp_drop_synfin=NO
+ icmp_drop_redirect=NO
+ icmp_log_redirect=NO
+ network_interfaces=auto
+ cloned_interfaces=''
+ sppp_interfaces=''
+ ppp_enable=NO
+ ppp_program=/usr/sbin/ppp
+ ppp_mode=auto
+ ppp_nat=YES
+ ppp_profile=papchap
+ ppp_user=root
+ hostapd_enable=NO
+ syslogd_enable=YES
+ syslogd_program=/usr/sbin/syslogd
+ syslogd_flags=-s
+ syslogd_oomprotect=YES
+ altlog_proglist=''
+ inetd_enable=NO
+ inetd_program=/usr/sbin/inetd
+ inetd_flags='-wW -C 60'
+ iscsid_enable=NO
+ iscsictl_enable=NO
+ iscsictl_flags=-Aa
+ hastd_enable=NO
+ hastd_program=/sbin/hastd
+ hastd_flags=''
+ ctld_enable=NO
+ local_unbound_enable=NO
+ blacklistd_enable=NO
+ blacklistd_flags=''
+ kdc_enable=NO
+ kdc_program=/usr/libexec/kdc
+ kdc_flags=''
+ kadmind_enable=NO
+ kadmind_program=/usr/libexec/kadmind
+ kpasswdd_enable=NO
+ kpasswdd_program=/usr/libexec/kpasswdd
+ kfd_enable=NO
+ kfd_program=/usr/libexec/kfd
+ kfd_flags=''
+ ipropd_master_enable=NO
+ ipropd_master_program=/usr/libexec/ipropd-master
+ ipropd_master_flags=''
+ ipropd_master_keytab=/etc/krb5.keytab
+ ipropd_master_slaves=''
+ ipropd_slave_enable=NO
+ ipropd_slave_program=/usr/libexec/ipropd-slave
+ ipropd_slave_flags=''
+ ipropd_slave_keytab=/etc/krb5.keytab
+ ipropd_slave_master=''
+ gssd_enable=NO
+ gssd_program=/usr/sbin/gssd
+ gssd_flags=''
+ rwhod_enable=NO
+ rwhod_flags=''
+ rarpd_enable=NO
+ rarpd_flags=-a
+ bootparamd_enable=NO
+ bootparamd_flags=''
+ pppoed_enable=NO
+ pppoed_provider='*'
+ pppoed_flags='-P /var/run/pppoed.pid'
+ pppoed_interface=fxp0
+ sshd_enable=NO
+ sshd_program=/usr/sbin/sshd
+ sshd_flags=''
+ ftpd_enable=NO
+ ftpd_program=/usr/libexec/ftpd
+ ftpd_flags=''
+ amd_enable=NO
+ amd_program=/usr/sbin/amd
+ amd_flags='-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map'
+ amd_map_program=NO
+ autofs_enable=NO
+ automount_flags=''
+ automountd_flags=''
+ autounmountd_flags=''
+ nfs_client_enable=NO
+ nfs_access_cache=60
+ nfs_server_enable=NO
+ nfs_server_flags='-u -t'
+ nfs_server_managegids=NO
+ mountd_enable=NO
+ mountd_flags='-r -S'
+ weak_mountd_authentication=NO
+ nfs_reserved_port_only=NO
+ nfs_bufpackets=''
+ rpc_lockd_enable=NO
+ rpc_lockd_flags=''
+ rpc_statd_enable=NO
+ rpc_statd_flags=''
+ rpcbind_enable=NO
+ rpcbind_program=/usr/sbin/rpcbind
+ rpcbind_flags=''
+ rpc_ypupdated_enable=NO
+ keyserv_enable=NO
+ keyserv_flags=''
+ nfsv4_server_enable=NO
+ nfscbd_enable=NO
+ nfscbd_flags=''
+ nfsuserd_enable=NO
+ nfsuserd_flags=''
+ timed_enable=NO
+ timed_flags=''
+ ntpdate_enable=NO
+ ntpdate_program=/usr/sbin/ntpdate
+ ntpdate_flags=-b
+ ntpdate_config=/etc/ntp.conf
+ ntpdate_hosts=''
+ ntpd_enable=NO
+ ntpd_program=/usr/sbin/ntpd
+ ntpd_config=/etc/ntp.conf
+ ntpd_sync_on_start=NO
+ ntpd_flags='-p /var/run/ntpd.pid -f /var/db/ntpd.drift'
+ ntp_src_leapfile=/etc/ntp/leap-seconds
+ ntp_db_leapfile=/var/db/ntpd.leap-seconds.list
+ ntp_leapfile_sources=https://www.ietf.org/timezones/data/leap-seconds.list
+ ntp_leapfile_fetch_opts=-mq
+ ntp_leapfile_expiry_days=30
+ ntp_leapfile_fetch_verbose=NO
+ nis_client_enable=NO
+ nis_client_flags=''
+ nis_ypset_enable=NO
+ nis_ypset_flags=''
+ nis_server_enable=NO
+ nis_server_flags=''
+ nis_ypxfrd_enable=NO
+ nis_ypxfrd_flags=''
+ nis_yppasswdd_enable=NO
+ nis_yppasswdd_flags=''
+ nis_ypldap_enable=NO
+ nis_ypldap_flags=''
+ bsnmpd_enable=NO
+ bsnmpd_flags=''
+ defaultrouter=NO
+ static_arp_pairs=''
+ static_ndp_pairs=''
+ static_routes=''
+ natm_static_routes=''
+ gateway_enable=NO
+ routed_enable=NO
+ routed_program=/sbin/routed
+ routed_flags=-q
+ arpproxy_all=NO
+ forward_sourceroute=NO
+ accept_sourceroute=NO
+ atm_enable=NO
+ atm_pvcs=''
+ atm_arps=''
+ hcsecd_enable=NO
+ hcsecd_config=/etc/bluetooth/hcsecd.conf
+ sdpd_enable=NO
+ sdpd_control=/var/run/sdp
+ sdpd_groupname=nobody
+ sdpd_username=nobody
+ bthidd_enable=NO
+ bthidd_config=/etc/bluetooth/bthidd.conf
+ bthidd_hids=/var/db/bthidd.hids
+ rfcomm_pppd_server_enable=NO
+ rfcomm_pppd_server_profile='one two'
+ rfcomm_pppd_server_one_channel=1
+ rfcomm_pppd_server_two_channel=3
+ ubthidhci_enable=NO
+ netwait_enable=NO
+ netwait_timeout=60
+ netwait_if_timeout=30
+ icmp_bmcastecho=NO
+ ipv6_network_interfaces=auto
+ ipv6_activate_all_interfaces=NO
+ ipv6_defaultrouter=NO
+ ipv6_static_routes=''
+ ipv6_gateway_enable=NO
+ ipv6_cpe_wanif=NO
+ ipv6_privacy=NO
+ route6d_enable=NO
+ route6d_program=/usr/sbin/route6d
+ route6d_flags=''
+ ipv6_default_interface=NO
+ rtsol_flags=''
+ rtsold_enable=NO
+ rtsold_flags=-a
+ rtadvd_enable=NO
+ rtadvd_interfaces=''
+ mroute6d_enable=NO
+ mroute6d_program=/usr/local/sbin/pim6dd
+ mroute6d_flags=''
+ stf_interface_ipv4addr=''
+ stf_interface_ipv4plen=0
+ stf_interface_ipv6_ifid=0:0:0:1
+ stf_interface_ipv6_slaid=0000
+ ipv6_ipv4mapping=NO
+ ipv6_ipfilter_rules=/etc/ipf6.rules
+ ip6addrctl_enable=YES
+ ip6addrctl_verbose=NO
+ ip6addrctl_policy=AUTO
+ keyboard=''
+ keymap=NO
+ keyrate=NO
+ keybell=NO
+ keychange=NO
+ cursor=NO
+ scrnmap=NO
+ font8x16=NO
+ font8x14=NO
+ font8x8=NO
+ blanktime=300
+ saver=NO
+ moused_nondefault_enable=YES
+ moused_enable=NO
+ moused_type=auto
+ moused_port=/dev/psm0
+ moused_flags=''
+ mousechar_start=NO
+ allscreens_flags=''
+ allscreens_kbdflags=''
+ mta_start_script=/etc/rc.sendmail
+ sendmail_enable=NO
+ sendmail_pidfile=/var/run/sendmail.pid
+ sendmail_procname=/usr/sbin/sendmail
+ sendmail_flags='-L sm-mta -bd -q30m'
+ sendmail_cert_create=YES
+ sendmail_submit_enable=YES
+ sendmail_submit_flags='-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost'
+ sendmail_outbound_enable=YES
+ sendmail_outbound_flags='-L sm-queue -q30m'
+ sendmail_msp_queue_enable=YES
+ sendmail_msp_queue_flags='-L sm-msp-queue -Ac -q30m'
+ sendmail_rebuild_aliases=NO
+ auditd_enable=NO
+ auditd_program=/usr/sbin/auditd
+ auditd_flags=''
+ auditdistd_enable=NO
+ auditdistd_program=/usr/sbin/auditdistd
+ auditdistd_flags=''
+ cron_enable=YES
+ cron_program=/usr/sbin/cron
+ cron_dst=YES
+ cron_flags=''
+ lpd_enable=NO
+ lpd_program=/usr/sbin/lpd
+ lpd_flags=''
+ nscd_enable=NO
+ chkprintcap_enable=NO
+ chkprintcap_flags=-d
+ dumpdev=NO
+ dumpdir=/var/crash
+ savecore_enable=YES
+ savecore_flags='-m 10'
+ crashinfo_enable=YES
+ crashinfo_program=/usr/sbin/crashinfo
+ quota_enable=NO
+ check_quotas=YES
+ quotaon_flags=-a
+ quotaoff_flags=-a
+ quotacheck_flags=-a
+ accounting_enable=NO
+ ibcs2_enable=NO
+ ibcs2_loaders=coff
+ firstboot_sentinel=/firstboot
+ sysvipc_enable=NO
+ linux_enable=NO
+ svr4_enable=NO
+ clear_tmp_enable=NO
+ clear_tmp_X=YES
+ ldconfig_insecure=NO
+ ldconfig_paths='/usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg'
+ ldconfig32_paths='/usr/lib32 /usr/lib32/compat'
+ ldconfigsoft_paths='/usr/libsoft /usr/libsoft/compat /usr/local/libsoft'
+ ldconfig_paths_aout='/usr/lib/compat/aout /usr/local/lib/aout'
+ ldconfig_local_dirs=/usr/local/libdata/ldconfig
+ ldconfig_local32_dirs=/usr/local/libdata/ldconfig32
+ ldconfig_localsoft_dirs=/usr/local/libdata/ldconfigsoft
+ kern_securelevel_enable=NO
+ kern_securelevel=-1
+ update_motd=YES
+ entropy_boot_file=/boot/entropy
+ entropy_file=/entropy
+ entropy_dir=/var/db/entropy
+ entropy_save_sz=4096
+ entropy_save_num=8
+ harvest_mask=511
+ dmesg_enable=YES
+ watchdogd_enable=NO
+ watchdogd_flags=''
+ devfs_rulesets='/etc/defaults/devfs.rules /etc/devfs.rules'
+ devfs_system_ruleset=''
+ devfs_set_rulesets=''
+ devfs_load_rulesets=YES
+ performance_cx_lowest=C2
+ performance_cpu_freq=NONE
+ economy_cx_lowest=Cmax
+ economy_cpu_freq=NONE
+ virecover_enable=YES
+ ugidfw_enable=NO
+ bsdextended_script=/etc/rc.bsdextended
+ newsyslog_enable=YES
+ newsyslog_flags=-CN
+ mixer_enable=YES
+ opensm_enable=NO
+ rctl_enable=YES
+ rctl_rules=/etc/rctl.conf
+ iovctl_files=''
+ jail_enable=NO
+ jail_confwarn=YES
+ jail_parallel_start=NO
+ jail_list=''
+ jail_reverse_stop=NO
+ [ -z '' ]
+ source_rc_confs_defined=yes
+ [ -r /etc/defaults/vendor.conf ]
+ source_rc_confs
+ local i sourced_files
+ sourced_files=:/etc/rc.conf:
+ [ -r /etc/rc.conf ]
+ . /etc/rc.conf
+ hostname=freenas
+ openssh_enable=YES
+ sendmail_enable=NONE
+ background_fsck=NO
+ fsck_y_enable=YES
+ synchronous_dhclient=YES
+ ntpd_enable=YES
+ ntpd_sync_on_start=YES
+ vmware_guest_vmblock_enable=YES
+ vmware_guest_vmhgfs_enable=YES
+ vmware_guest_vmmemctl_enable=YES
+ devfs_system_ruleset=usbrules
+ clear_tmp_X=NO
+ geli_autodetach=NO
+ savecore_enable=NO
+ dumpdev=NO
+ dumpdir=/data/crash
+ ix_textdump_enable=YES
+ early_kld_list='geom_mirror geom_multipath'
+ kld_list='dtraceall hwpmc t3_tom t4_tom'
+ dbus_enable=YES
+ mdnsd_enable=YES
+ performance_cpu_freq=HIGH
+ local_startup='/etc/ix.rc.d /usr/local/etc/rc.d'
+ early_late_divider='*'
+ root_rw_mount=YES
+ syslogd_enable=NO
+ syslog_ng_enable=YES
+ nginx_enable=YES
+ nginx_login_class=nginx
+ devd_flags=-q
+ cleanvar_enable=NO
+ openssh_skipportscheck=YES
+ inadyn_flags=--continue-on-error
+ sourced_files=:/etc/rc.conf::/etc/rc.conf.local:
+ [ -r /etc/rc.conf.local ]
+ . /etc/rc.conf.local
+ . /etc/rc.freenas
+ . /etc/rc.subr
+ : 55994
+ export RC_PID
+ [ -n YES ]
+ return
+ : /data/freenas-v1.db
+ : /var/tmp/freenas_config.md5
+ : /usr/local/bin/sqlite3fn
+ : /var/tmp/rc.conf.freenas
+ : /etc/version
+ : /var/db/system
+ : /data/cd-upgrade
+ : /data/need-update
+ : /data/first-boot
+ : /usr/bin/openssl
+ : /etc/certificates
+ : /etc/certificates/CA
+ : /usr/local/sbin/nginx
+ : /usr/local/etc/nginx
+ : /usr/local/etc/rc.d/nginx
+ : /usr/local/etc/nginx/nginx.conf
+ : 443
+ : 80
+ : /var/tmp/.cache
+ : 2g
+ : 60
+ : /usr/local/etc/sssd/sssd.conf
+ : /usr/local/etc/openldap/ldap.conf
+ : /usr/local/etc/certs/cacert.crt
+ : 0
+ : /etc/ix/templates/pam.d
+ : /etc/pam.d
+ : /etc/nsswitch.conf
+ : /etc/ix/templates/kerberos/krb5.conf
+ : /etc/krb5.conf
+ : /etc/AD.keytab
+ : /usr/local/etc/smb4.conf
+ : /usr/local/bin/warden
+ : /tmp/.ha_mode
+ ls /etc/directoryservice/rc.ActiveDirectory /etc/directoryservice/rc.DomainController /etc/directoryservice/rc.LDAP /etc/directoryservice/rc.NIS
+ . /etc/directoryservice/rc.ActiveDirectory
+ . /etc/rc.subr
+ : 55994
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/ActiveDirectory
+ : /etc/directoryservice/ActiveDirectory/config
+ : /etc/directoryservice/ActiveDirectory/ctl
+ : 10
+ : 10
+ : /usr/local/bin/adtool
+ . /etc/directoryservice/rc.DomainController
+ . /etc/rc.subr
+ : 55994
+ export RC_PID
+ [ -n YES ]
+ return
+ . /etc/directoryservice/rc.LDAP
+ . /etc/rc.subr
+ : 55994
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/LDAP
+ : /etc/directoryservice/LDAP/config
+ : /usr/local/etc/nss_ldap.conf
+ : /usr/local/etc/nss_ldap.secret
+ : /usr/local/etc/openldap/ldap.conf
+ : /usr/local/etc/certs/cacert.crt
+ : 0
+ : /usr/local/bin/ldaptool
+ . /etc/directoryservice/rc.NIS
+ . /etc/rc.subr
+ : 55994
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/NT4
+ : /etc/directoryservice/NT4/ctl
+ : +:::::::::
+ : '+:*::'
+ : +::
+ md5 -q /data/freenas-v1.db
+ _NEWSUM=a8547fbfd4d686499945c484d0fad433
+ cat /var/tmp/freenas_config.md5
+ _OLDSUM=a8547fbfd4d686499945c484d0fad433
+ id -u
+ [ 0 -eq 0 -a ! a8547fbfd4d686499945c484d0fad433 '=' a8547fbfd4d686499945c484d0fad433 -a ! -f /data/need-update ]
+ export 'LANG=en_US.UTF-8'
+ [ -f /var/tmp/rc.conf.freenas ]
+ . /var/tmp/rc.conf.freenas
+ ifconfig_igb0='inet 10.0.0.240/24 '
+ hostname=abyss.neverland.ddns.me
+ defaultrouter=10.0.0.1
+ netwait_enable=YES
+ netwait_ip=10.0.0.1
+ netatalk_enable=YES
+ proftpd_enable=NO
+ nfs_server_enable=YES
+ rpc_lockd_enable=YES
+ rpc_statd_enable=YES
+ mountd_enable=YES
+ nfsd_enable=YES
+ rpcbind_enable=YES
+ rsyncd_enable=YES
+ snmpd_enable=NO
+ snmp_agent_enable=NO
+ openssh_enable=YES
+ inetd_enable=NO
+ inadyn_enable=YES
+ ladvd_enable=NO
+ ctld_enable=NO
+ apache24_enable=NO
+ smartd_daemon_enable=YES
+ netdata_enable=YES
+ samba_server_enable=YES
+ smbd_enable=YES
+ nmbd_enable=YES
+ winbindd_enable=YES
+ dssystem_env='PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin'
+ postgresql_data=/mnt//database
+ postgresql_user=pgsql
+ snmpd_conffile=/etc/local/snmpd.conf
+ snmpd_flags=-LS3d
+ sssd_enable=NO
+ nslcd_enable=NO
+ nut_enable=YES
+ nut_upsshut=NO
+ nut_upslog_ups=ups
+ nut_upslog_enable=YES
+ nut_upsmon_enable=YES
+ nfsv4_server_enable=NO
+ gssd_enable=YES
+ zfs_enable=YES
+ powerd_enable=NO
+ collectd_enable=YES
+ rrdcached_enable=YES
+ failover_enable=NO
+ nfs_server_flags='-t -n 4 '
+ rpc_statd_flags=''
+ rpc_lockd_flags=''
+ mountd_flags=-rS
+ smartd_daemon_flags='-i 1800'
+ minio_disks=''
+ minio_address=:9000
+ minio_env='MINIO_ACCESS_KEY= MINIO_SECRET_KEY= '
+ MINIO_BROWSER=off
+ ixssl_list=''
+ keymap=us
+ geli_devices=''
+ ladvd_flags='-a -z'
+ ataidle_enable=YES
+ watchdogd_flags='--pretimeout 5 --pretimeout-action log,printf'
+ watchdogd_enable=YES
+ zfsd_enable=YES
+ vmware_guestd_enable=NO
+ _rc_conf_loaded=true
+ [ -n ldapctl ]
+ _d=/etc
+ [ -f /etc/rc.conf.d/ldapctl ]
+ [ -d /etc/rc.conf.d/ldapctl ]
+ _d=/etc/ix.rc.d
+ [ -f /etc/ix.rc.d/rc.conf.d/ldapctl ]
+ [ -d /etc/ix.rc.d/rc.conf.d/ldapctl ]
+ _d=/usr/local/etc
+ [ -f /usr/local/etc/rc.conf.d/ldapctl ]
+ [ -d /usr/local/etc/rc.conf.d/ldapctl ]
+ run_rc_command start
+ _return=0
+ rc_arg=start
+ [ -z ldapctl ]
+ shift 1
+ rc_extra_args=''
+ _rc_prefix=''
+ eval '_override_command=$ldapctl_program'
+ _override_command=''
+ command=''
+ _keywords='start stop restart rcvar enabled describe extracommands status'
+ rc_pid=''
+ _pidcmd=''
+ _procname=''
+ [ -n '' ]
+ [ -z start ]
+ [ start '=' enabled ]
+ [ -n '' ]
+ eval 'rc_flags=$ldapctl_flags'
+ rc_flags=''
+ eval '_chdir=$ldapctl_chdir' '_chroot=$ldapctl_chroot' '_nice=$ldapctl_nice' '_user=$ldapctl_user' '_group=$ldapctl_group' '_groups=$ldapctl_groups' '_fib=$ldapctl_fib' '_env=$ldapctl_env' '_prepend=$ldapctl_prepend' '_login_class=${ldapctl_login_class:-daemon}' '_oomprotect=$ldapctl_oomprotect'
+ _chdir='' _chroot='' _nice='' _user='' _group='' _groups='' _fib='' _env='' _prepend='' _login_class=daemon _oomprotect=''
+ [ -n '' ]
+ [ -z '' ]
+ eval
+ [ start '!=' start ]
+ [ -n '' -a start '!=' rcvar -a start '!=' stop -a start '!=' describe ]
+ [ -n '' -a start '=' stop -a -z '' ]
+ [ start '=' start -a -z '' -a -n '' ]
+ eval '_cmd=$start_cmd' '_precmd=$start_precmd' '_postcmd=$start_postcmd'
+ _cmd=ldapctl_start _precmd='' _postcmd=''
+ [ -n ldapctl_start ]
+ _run_rc_precmd
+ check_required_before start
+ local _f
+ return 0
+ [ -n '' ]
+ check_required_after start
+ local _f _args
+ return 0
+ return 0
+ _run_rc_doit 'ldapctl_start '
+ debug 'run_rc_command: doit: ldapctl_start '
+ eval 'ldapctl_start '
+ ldapctl_start
+ local 'ldap_started=0'
+ local realm
+ local keytab_principal
+ /usr/local/bin/midclt call systemdataset.config
+ /usr/local/bin/jq .pool
+ eval echo '"MAIN"'
+ echo MAIN
+ local 'syspool=MAIN'
+ /usr/local/bin/midclt call system.is_freenas
+ local 'is_freenas=True'
+ local 'failover_status=SINGLE'
+ [ True '==' False ]
+ [ MAIN '!=' freenas-boot ]
+ [ SINGLE '==' BACKUP ]
+ LDAP_get_krb_realm
+ name=ldap_krb_realm
+ ro_sqlite ldap_krb_realm
+ rm /tmp/ldap_krb_realm.fail
+ RO_FREENAS_CONFIG=/tmp/ldap_krb_realm.SUVjo
+ trap 'rm -f ${RO_FREENAS_CONFIG}' EXIT
+ /usr/local/bin/sqlite3fn /tmp/ldap_krb_realm.SUVjo $'\t\tSELECT
\t\t\tkrb.krb_realm
\t\tFROM
\t\t\tdirectoryservice_kerberosrealm as krb

\t\tINNER JOIN
\t\t\tdirectoryservice_ldap as ldap
\t\tON
\t\t\tkrb.id = ldap.ldap_kerberos_realm_id
\t'
+ rm -f /tmp/ldap_krb_realm.SUVjo
+ realm=NEVERLAND.DDNS.ME
+ [ -n NEVERLAND.DDNS.ME ]
+ ldapctl_cmd /usr/sbin/service ix-kerberos quietstart default NEVERLAND.DDNS.ME
+ local 'args=/usr/sbin/service ix-kerberos quietstart default NEVERLAND.DDNS.ME'
+ [ -n '/usr/sbin/service ix-kerberos quietstart default NEVERLAND.DDNS.ME' ]
+ logger -t LDAP '/usr/sbin/service ix-kerberos quietstart default NEVERLAND.DDNS.ME'
+ /usr/sbin/service ix-kerberos quietstart default NEVERLAND.DDNS.ME
+ return 0
+ LDAP_init
+ LDAP_load_values
+ LDAP_generate_config
+ local 'res=0'
+ /usr/local/bin/ldaptool get config_file
ERROR: {'desc': 'Local error', 'info': 'SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text) (PROCESS_TGS)'}
+ res=1
+ /bin/chmod 600 /etc/directoryservice/LDAP/config
+ return 1
+ return 1
+ return 1
+ ldap_set 0
+ local 'enable=0'
+ [ -z 0 ]
+ /usr/local/bin/sqlite3fn /data/freenas-v1.db $'\tUPDATE
\t\tdirectoryservice_ldap
\tSET
\t\tldap_enable = 0
\t'
+ return 0
+ return 1
+ _return=1
+ [ 1 -ne 0 ]
+ [ -z '' ]
+ return 1
+ return 1


Looks like it's not generating a config file?....
Code:
[root@abyss /etc/directoryservice/LDAP]# for file in $(find $PWD -type f); do printf "=== %s ===\n" "$file"; cat $file; done
=== /etc/directoryservice/LDAP/config ===
=== /etc/directoryservice/LDAP/ctl ===
#!/bin/sh

. /etc/rc.freenas

cifs_file="/tmp/.cifs_LDAP"
status_file="/var/run/directoryservice.ldap"
service=/usr/sbin/service
python=/usr/local/bin/python
notifier=/usr/local/bin/midclt

ldapctl_cmd()
{
    local args="$*"

    if [ -n "${args}" ]
    then
        logger -t LDAP "${args}"
        ${args}
        return $?
    fi

    return 0
}

sssd_running()
{
    ${service} sssd onestatus >/dev/null 2>&1
    return $?
}

sssd_start()
{
    ldapctl_cmd ${service} sssd onestart
    return $?
}

sssd_stop()
{
    ldapctl_cmd ${service} sssd onestop
    return $?
}

sssd_restart()
{
    ldapctl_cmd ${service} sssd onestop
    ldapctl_cmd ${service} sssd onestart
    return $?
}

nslcd_running()
{
    ${service} nslcd onestatus >/dev/null 2>&1
    return $?
}

nslcd_start()
{
    ldapctl_cmd ${service} nslcd onestart
    return $?
}

nslcd_stop()
{
    ldapctl_cmd ${service} nslcd onestop
    return $?
}

nslcd_restart()
{
    ldapctl_cmd ${service} nslcd onestop
    ldapctl_cmd ${service} nslcd onestart
    return $?
}

cifs_enabled()
{
    srv_enabled cifs && return 0
    return 1
}

cifs_restart()
{
    ldapctl_cmd ${python} ${notifier} call notifier.stop cifs
    ldapctl_cmd ${python} ${notifier} call notifier.start cifs
    return $?
}

cifs_reset()
{
    ldapctl_cmd ${service} ix-pre-samba start

    if cifs_enabled;
    then
        cifs_restart
    fi
}

ldapctl_start()
{
    local ldap_started=0
    local realm
    local keytab_principal
    local syspool=$(eval echo $(${notifier} call systemdataset.config | /usr/local/bin/jq .pool))
    local is_freenas=$(${notifier} call system.is_freenas)
    local failover_status='SINGLE'
    if [ ${is_freenas} == 'False' ]; then
        failover_status=$(${notifier} call notifier.failover_status)
    fi

    if [ ${syspool} != "freenas-boot" ] && [ ${failover_status} == "BACKUP" ]; then
        return 0
    fi

    # chicken & eggs
    realm=$(LDAP_get_krb_realm)
    if [ -n "${realm}" ]
    then
        ldapctl_cmd ${service} ix-kerberos quietstart default "${realm}"
    fi

    if ! LDAP_init
    then
        ldap_set 0
        return 1
    fi

    if ldap_enabled
    then
        ldap_started=1
    else
        ldap_set 1
    fi

    if ! ldapctl_cmd ${service} ix-ldap quietstart
    then
        ldap_set 0
        cifs_reset
        return 1
    fi

    ldap_krb_realm="$(LDAP_get ldap_krb_realm)"
    if [ -n "${ldap_krb_realm}" ]
    then
        ldapctl_cmd ${service} ix-kerberos quietstart default "${ldap_krb_realm}"
    fi

    ldapctl_cmd ${service} ix-nsswitch quietstart

    realm="$(LDAP_get ldap_krb_realm)"
    keytab_principal="$(LDAP_get ldap_keytab_principal)"

    if [ -n "${realm}" -o -n "${keytab_principal}" ]
    then
        ldapctl_cmd ${service} ix-kinit quietstart
        if ! ldapctl_cmd ${service} ix-kinit status
        then
            ldap_set 0
            cifs_reset
            return 1
        fi
    fi

    anonbind="$(LDAP_get ldap_anonbind)"
    if [ "${anonbind}" = "0" ]
    then
        ldapctl_cmd ${service} ix-sssd start
        if sssd_running
        then
            sssd_restart
        else
            sssd_start
        fi

    elif [ "${anonbind}" = "1" ]
    then
        ldapctl_cmd ${service} ix-pam quietstart
        if nslcd_running
        then
            nslcd_restart
        else
            nslcd_start
        fi
    fi

    if ! ldapctl_cmd ${service} ix-ldap status
    then
        ldap_set 0
        cifs_reset
        return 1
    fi

    if cifs_enabled && LDAP_has_samba_schema
    then
        cifs_restart
    fi

    ldapctl_cmd ${service} ix-pam quietstart
    ldapctl_cmd ${python} ${notifier} call notifier.cachetool fill > /dev/null
    touch "${status_file}"

    return 0
}

ldapctl_stop()
{
    LDAP_init

    if ! ldap_enabled
    then
        ldap_set 1
    fi

    if sssd_running
    then
        sssd_stop
        ldapctl_cmd ${service} ix-sssd start
    fi
    if nslcd_running
    then
        nslcd_stop
        ldapctl_cmd ${service} ix-nslcd start
    fi

    ldapctl_cmd ${service} ix-ldap forcestop
    ldapctl_cmd ${service} ix-nsswitch quietstop
    ldapctl_cmd ${service} ix-pam quietstop
    ldapctl_cmd "${service} ix-cache quietstop &"

    ldap_set 0

    if cifs_enabled && LDAP_has_samba_schema
    then
        cifs_restart
    fi

    ldapctl_cmd ${service} ix-kinit quietstop
    rm -f "${status_file}"

    return 0
}

ldapctl_status()
{
    ldapctl_cmd ${service} ix-ldap status
}

name="ldapctl"
start_cmd='ldapctl_start'
status_cmd='ldapctl_status'
stop_cmd='ldapctl_stop'
extra_commands='status'

load_rc_config $name
run_rc_command "$1"
 
Last edited:

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,546
The actual failure is here:
Code:
+ /usr/local/bin/ldaptool get config_file
ERROR: {'desc': 'Local error', 'info': 'SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text) (PROCESS_TGS)'}
+ res=1
+ /bin/chmod 600 /etc/directoryservice/LDAP/config

Looks like a kerberos error. Check time on the FreeNAS server and your FreeIPA server. Make sure difference is less than five minutes. Also make sure you have proper forward and reverse DNS entries for the FreeNAS server.
 

bako

Dabbler
Joined
Jul 10, 2019
Messages
19
The actual failure is here:
Looks like a kerberos error. Check time on the FreeNAS server and your FreeIPA server. Make sure difference is less than five minutes. Also make sure you have proper forward and reverse DNS entries for the FreeNAS server.

Still issues... but, I think they're different errors now. I think it might be related to the keytabs. Any idea what that's supposed to look like?

Code:
[root@abyss /mnt/MAIN/HOME/binary]# sh -x /etc/directoryservice/LDAP/ctl start
+ . /etc/rc.freenas
+ . /etc/rc.subr
+ : 1113
+ export RC_PID
+ [ -n '' ]
+ _rc_subr_loaded=YES
+ SYSCTL=/sbin/sysctl
+ SYSCTL_N='/sbin/sysctl -n'
+ SYSCTL_W=/sbin/sysctl
+ PROTECT=/usr/bin/protect
+ ID=/usr/bin/id
+ IDCMD='if [ -x /usr/bin/id ]; then /usr/bin/id -un; fi'
+ PS='/bin/ps -ww'
+ JID=0
+ _rc_namevarlist='program chroot chdir env flags fib nice user group groups prepend'
+ kenv -q rc.debug
+ : /data/freenas-v1.db
+ : /var/tmp/freenas_config.md5
+ : /usr/local/bin/sqlite3fn
+ : /var/tmp/rc.conf.freenas
+ : /etc/version
+ : /var/db/system
+ : /data/cd-upgrade
+ : /data/need-update
+ : /data/first-boot
+ : /usr/bin/openssl
+ : /etc/certificates
+ : /etc/certificates/CA
+ : /usr/local/sbin/nginx
+ : /usr/local/etc/nginx
+ : /usr/local/etc/rc.d/nginx
+ : /usr/local/etc/nginx/nginx.conf
+ : 443
+ : 80
+ : /var/tmp/.cache
+ : 2g
+ : 60
+ : /usr/local/etc/sssd/sssd.conf
+ : /usr/local/etc/openldap/ldap.conf
+ : /usr/local/etc/certs/cacert.crt
+ : 0
+ : /etc/ix/templates/pam.d
+ : /etc/pam.d
+ : /etc/nsswitch.conf
+ : /etc/ix/templates/kerberos/krb5.conf
+ : /etc/krb5.conf
+ : /etc/AD.keytab
+ : /usr/local/etc/smb4.conf
+ : /usr/local/bin/warden
+ : /tmp/.ha_mode
+ ls /etc/directoryservice/rc.ActiveDirectory /etc/directoryservice/rc.DomainController /etc/directoryservice/rc.LDAP /etc/directoryservice/rc.NIS
+ . /etc/directoryservice/rc.ActiveDirectory
+ . /etc/rc.subr
+ : 1113
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/ActiveDirectory
+ : /etc/directoryservice/ActiveDirectory/config
+ : /etc/directoryservice/ActiveDirectory/ctl
+ : 10
+ : 10
+ : /usr/local/bin/adtool
+ . /etc/directoryservice/rc.DomainController
+ . /etc/rc.subr
+ : 1113
+ export RC_PID
+ [ -n YES ]
+ return
+ . /etc/directoryservice/rc.LDAP
+ . /etc/rc.subr
+ : 1113
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/LDAP
+ : /etc/directoryservice/LDAP/config
+ : /usr/local/etc/nss_ldap.conf
+ : /usr/local/etc/nss_ldap.secret
+ : /usr/local/etc/openldap/ldap.conf
+ : /usr/local/etc/certs/cacert.crt
+ : 0
+ : /usr/local/bin/ldaptool
+ . /etc/directoryservice/rc.NIS
+ . /etc/rc.subr
+ : 1113
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/NT4
+ : /etc/directoryservice/NT4/ctl
+ : +:::::::::
+ : '+:*::'
+ : +::
+ cifs_file=/tmp/.cifs_LDAP
+ status_file=/var/run/directoryservice.ldap
+ service=/usr/sbin/service
+ python=/usr/local/bin/python
+ notifier=/usr/local/bin/midclt
+ name=ldapctl
+ start_cmd=ldapctl_start
+ status_cmd=ldapctl_status
+ stop_cmd=ldapctl_stop
+ extra_commands=status
+ load_rc_config ldapctl
+ local _name _rcvar_val _var _defval _v _msg _new _d
+ _name=ldapctl
+ false
+ [ -r /etc/defaults/rc.conf ]
+ debug 'Sourcing /etc/defaults/rc.conf'
+ . /etc/defaults/rc.conf
+ rc_info=NO
+ rc_startmsgs=YES
+ rcshutdown_timeout=90
+ early_late_divider=FILESYSTEMS
+ always_force_depends=NO
+ apm_enable=NO
+ apmd_enable=NO
+ apmd_flags=''
+ ddb_enable=NO
+ ddb_config=/etc/ddb.conf
+ devd_enable=YES
+ devd_flags=''
+ kldxref_enable=NO
+ kldxref_clobber=NO
+ kldxref_module_path=''
+ powerd_enable=NO
+ powerd_flags=''
+ tmpmfs=AUTO
+ tmpsize=20m
+ tmpmfs_flags=-S
+ varmfs=AUTO
+ varsize=32m
+ varmfs_flags=-S
+ mfs_type=auto
+ populate_var=AUTO
+ cleanvar_enable=YES
+ local_startup=/usr/local/etc/rc.d
+ script_name_sep=' '
+ rc_conf_files='/etc/rc.conf /etc/rc.conf.local'
+ zfs_enable=NO
+ zfsd_enable=NO
+ gptboot_enable=YES
+ gbde_autoattach_all=NO
+ gbde_devices=NO
+ gbde_attach_attempts=3
+ gbde_lockdir=/etc
+ geli_devices=''
+ geli_tries=''
+ geli_default_flags=''
+ geli_autodetach=YES
+ root_rw_mount=YES
+ root_hold_delay=30
+ fsck_y_enable=NO
+ fsck_y_flags='-T ffs:-R -T ufs:-R'
+ background_fsck=YES
+ background_fsck_delay=60
+ netfs_types='nfs:NFS smbfs:SMB'
+ extra_netfs_types=NO
+ hostname=''
+ hostid_enable=YES
+ hostid_file=/etc/hostid
+ nisdomainname=NO
+ dhclient_program=/sbin/dhclient
+ dhclient_flags=''
+ background_dhclient=NO
+ synchronous_dhclient=NO
+ defaultroute_delay=30
+ defaultroute_carrier_delay=5
+ netif_enable=YES
+ netif_ipexpand_max=2048
+ wpa_supplicant_program=/usr/sbin/wpa_supplicant
+ wpa_supplicant_flags=-s
+ wpa_supplicant_conf_file=/etc/wpa_supplicant.conf
+ firewall_enable=NO
+ firewall_script=/etc/rc.firewall
+ firewall_type=UNKNOWN
+ firewall_quiet=NO
+ firewall_logging=NO
+ firewall_logif=NO
+ firewall_flags=''
+ firewall_coscripts=''
+ firewall_client_net=192.0.2.0/24
+ firewall_simple_iif=ed1
+ firewall_simple_inet=192.0.2.16/28
+ firewall_simple_oif=ed0
+ firewall_simple_onet=192.0.2.0/28
+ firewall_myservices=''
+ firewall_allowservices=''
+ firewall_trusted=''
+ firewall_logdeny=NO
+ firewall_nologports='135-139,445 1026,1027 1433,1434'
+ firewall_nat_enable=NO
+ firewall_nat_interface=''
+ firewall_nat_flags=''
+ dummynet_enable=NO
+ ipfw_netflow_enable=NO
+ ip_portrange_first=NO
+ ip_portrange_last=NO
+ ike_enable=NO
+ ike_program=/usr/local/sbin/isakmpd
+ ike_flags=''
+ ipsec_enable=NO
+ ipsec_file=/etc/ipsec.conf
+ natd_program=/sbin/natd
+ natd_enable=NO
+ natd_interface=''
+ natd_flags=''
+ ipfilter_enable=NO
+ ipfilter_program=/sbin/ipf
+ ipfilter_rules=/etc/ipf.rules
+ ipfilter_flags=''
+ ipnat_enable=NO
+ ipnat_program=/sbin/ipnat
+ ipnat_rules=/etc/ipnat.rules
+ ipnat_flags=''
+ ipmon_enable=NO
+ ipmon_program=/sbin/ipmon
+ ipmon_flags=-Ds
+ ipfs_enable=NO
+ ipfs_program=/sbin/ipfs
+ ipfs_flags=''
+ pf_enable=NO
+ pf_rules=/etc/pf.conf
+ pf_program=/sbin/pfctl
+ pf_flags=''
+ pflog_enable=NO
+ pflog_logfile=/var/log/pflog
+ pflog_program=/sbin/pflogd
+ pflog_flags=''
+ ftpproxy_enable=NO
+ ftpproxy_flags=''
+ pfsync_enable=NO
+ pfsync_syncdev=''
+ pfsync_syncpeer=''
+ pfsync_ifconfig=''
+ tcp_extensions=YES
+ log_in_vain=0
+ tcp_keepalive=YES
+ tcp_drop_synfin=NO
+ icmp_drop_redirect=NO
+ icmp_log_redirect=NO
+ network_interfaces=auto
+ cloned_interfaces=''
+ sppp_interfaces=''
+ ppp_enable=NO
+ ppp_program=/usr/sbin/ppp
+ ppp_mode=auto
+ ppp_nat=YES
+ ppp_profile=papchap
+ ppp_user=root
+ hostapd_enable=NO
+ syslogd_enable=YES
+ syslogd_program=/usr/sbin/syslogd
+ syslogd_flags=-s
+ syslogd_oomprotect=YES
+ altlog_proglist=''
+ inetd_enable=NO
+ inetd_program=/usr/sbin/inetd
+ inetd_flags='-wW -C 60'
+ iscsid_enable=NO
+ iscsictl_enable=NO
+ iscsictl_flags=-Aa
+ hastd_enable=NO
+ hastd_program=/sbin/hastd
+ hastd_flags=''
+ ctld_enable=NO
+ local_unbound_enable=NO
+ blacklistd_enable=NO
+ blacklistd_flags=''
+ kdc_enable=NO
+ kdc_program=/usr/libexec/kdc
+ kdc_flags=''
+ kadmind_enable=NO
+ kadmind_program=/usr/libexec/kadmind
+ kpasswdd_enable=NO
+ kpasswdd_program=/usr/libexec/kpasswdd
+ kfd_enable=NO
+ kfd_program=/usr/libexec/kfd
+ kfd_flags=''
+ ipropd_master_enable=NO
+ ipropd_master_program=/usr/libexec/ipropd-master
+ ipropd_master_flags=''
+ ipropd_master_keytab=/etc/krb5.keytab
+ ipropd_master_slaves=''
+ ipropd_slave_enable=NO
+ ipropd_slave_program=/usr/libexec/ipropd-slave
+ ipropd_slave_flags=''
+ ipropd_slave_keytab=/etc/krb5.keytab
+ ipropd_slave_master=''
+ gssd_enable=NO
+ gssd_program=/usr/sbin/gssd
+ gssd_flags=''
+ rwhod_enable=NO
+ rwhod_flags=''
+ rarpd_enable=NO
+ rarpd_flags=-a
+ bootparamd_enable=NO
+ bootparamd_flags=''
+ pppoed_enable=NO
+ pppoed_provider='*'
+ pppoed_flags='-P /var/run/pppoed.pid'
+ pppoed_interface=fxp0
+ sshd_enable=NO
+ sshd_program=/usr/sbin/sshd
+ sshd_flags=''
+ ftpd_enable=NO
+ ftpd_program=/usr/libexec/ftpd
+ ftpd_flags=''
+ amd_enable=NO
+ amd_program=/usr/sbin/amd
+ amd_flags='-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map'
+ amd_map_program=NO
+ autofs_enable=NO
+ automount_flags=''
+ automountd_flags=''
+ autounmountd_flags=''
+ nfs_client_enable=NO
+ nfs_access_cache=60
+ nfs_server_enable=NO
+ nfs_server_flags='-u -t'
+ nfs_server_managegids=NO
+ mountd_enable=NO
+ mountd_flags='-r -S'
+ weak_mountd_authentication=NO
+ nfs_reserved_port_only=NO
+ nfs_bufpackets=''
+ rpc_lockd_enable=NO
+ rpc_lockd_flags=''
+ rpc_statd_enable=NO
+ rpc_statd_flags=''
+ rpcbind_enable=NO
+ rpcbind_program=/usr/sbin/rpcbind
+ rpcbind_flags=''
+ rpc_ypupdated_enable=NO
+ keyserv_enable=NO
+ keyserv_flags=''
+ nfsv4_server_enable=NO
+ nfscbd_enable=NO
+ nfscbd_flags=''
+ nfsuserd_enable=NO
+ nfsuserd_flags=''
+ timed_enable=NO
+ timed_flags=''
+ ntpdate_enable=NO
+ ntpdate_program=/usr/sbin/ntpdate
+ ntpdate_flags=-b
+ ntpdate_config=/etc/ntp.conf
+ ntpdate_hosts=''
+ ntpd_enable=NO
+ ntpd_program=/usr/sbin/ntpd
+ ntpd_config=/etc/ntp.conf
+ ntpd_sync_on_start=NO
+ ntpd_flags='-p /var/run/ntpd.pid -f /var/db/ntpd.drift'
+ ntp_src_leapfile=/etc/ntp/leap-seconds
+ ntp_db_leapfile=/var/db/ntpd.leap-seconds.list
+ ntp_leapfile_sources=https://www.ietf.org/timezones/data/leap-seconds.list
+ ntp_leapfile_fetch_opts=-mq
+ ntp_leapfile_expiry_days=30
+ ntp_leapfile_fetch_verbose=NO
+ nis_client_enable=NO
+ nis_client_flags=''
+ nis_ypset_enable=NO
+ nis_ypset_flags=''
+ nis_server_enable=NO
+ nis_server_flags=''
+ nis_ypxfrd_enable=NO
+ nis_ypxfrd_flags=''
+ nis_yppasswdd_enable=NO
+ nis_yppasswdd_flags=''
+ nis_ypldap_enable=NO
+ nis_ypldap_flags=''
+ bsnmpd_enable=NO
+ bsnmpd_flags=''
+ defaultrouter=NO
+ static_arp_pairs=''
+ static_ndp_pairs=''
+ static_routes=''
+ natm_static_routes=''
+ gateway_enable=NO
+ routed_enable=NO
+ routed_program=/sbin/routed
+ routed_flags=-q
+ arpproxy_all=NO
+ forward_sourceroute=NO
+ accept_sourceroute=NO
+ atm_enable=NO
+ atm_pvcs=''
+ atm_arps=''
+ hcsecd_enable=NO
+ hcsecd_config=/etc/bluetooth/hcsecd.conf
+ sdpd_enable=NO
+ sdpd_control=/var/run/sdp
+ sdpd_groupname=nobody
+ sdpd_username=nobody
+ bthidd_enable=NO
+ bthidd_config=/etc/bluetooth/bthidd.conf
+ bthidd_hids=/var/db/bthidd.hids
+ rfcomm_pppd_server_enable=NO
+ rfcomm_pppd_server_profile='one two'
+ rfcomm_pppd_server_one_channel=1
+ rfcomm_pppd_server_two_channel=3
+ ubthidhci_enable=NO
+ netwait_enable=NO
+ netwait_timeout=60
+ netwait_if_timeout=30
+ icmp_bmcastecho=NO
+ ipv6_network_interfaces=auto
+ ipv6_activate_all_interfaces=NO
+ ipv6_defaultrouter=NO
+ ipv6_static_routes=''
+ ipv6_gateway_enable=NO
+ ipv6_cpe_wanif=NO
+ ipv6_privacy=NO
+ route6d_enable=NO
+ route6d_program=/usr/sbin/route6d
+ route6d_flags=''
+ ipv6_default_interface=NO
+ rtsol_flags=''
+ rtsold_enable=NO
+ rtsold_flags=-a
+ rtadvd_enable=NO
+ rtadvd_interfaces=''
+ mroute6d_enable=NO
+ mroute6d_program=/usr/local/sbin/pim6dd
+ mroute6d_flags=''
+ stf_interface_ipv4addr=''
+ stf_interface_ipv4plen=0
+ stf_interface_ipv6_ifid=0:0:0:1
+ stf_interface_ipv6_slaid=0000
+ ipv6_ipv4mapping=NO
+ ipv6_ipfilter_rules=/etc/ipf6.rules
+ ip6addrctl_enable=YES
+ ip6addrctl_verbose=NO
+ ip6addrctl_policy=AUTO
+ keyboard=''
+ keymap=NO
+ keyrate=NO
+ keybell=NO
+ keychange=NO
+ cursor=NO
+ scrnmap=NO
+ font8x16=NO
+ font8x14=NO
+ font8x8=NO
+ blanktime=300
+ saver=NO
+ moused_nondefault_enable=YES
+ moused_enable=NO
+ moused_type=auto
+ moused_port=/dev/psm0
+ moused_flags=''
+ mousechar_start=NO
+ allscreens_flags=''
+ allscreens_kbdflags=''
+ mta_start_script=/etc/rc.sendmail
+ sendmail_enable=NO
+ sendmail_pidfile=/var/run/sendmail.pid
+ sendmail_procname=/usr/sbin/sendmail
+ sendmail_flags='-L sm-mta -bd -q30m'
+ sendmail_cert_create=YES
+ sendmail_submit_enable=YES
+ sendmail_submit_flags='-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost'
+ sendmail_outbound_enable=YES
+ sendmail_outbound_flags='-L sm-queue -q30m'
+ sendmail_msp_queue_enable=YES
+ sendmail_msp_queue_flags='-L sm-msp-queue -Ac -q30m'
+ sendmail_rebuild_aliases=NO
+ auditd_enable=NO
+ auditd_program=/usr/sbin/auditd
+ auditd_flags=''
+ auditdistd_enable=NO
+ auditdistd_program=/usr/sbin/auditdistd
+ auditdistd_flags=''
+ cron_enable=YES
+ cron_program=/usr/sbin/cron
+ cron_dst=YES
+ cron_flags=''
+ lpd_enable=NO
+ lpd_program=/usr/sbin/lpd
+ lpd_flags=''
+ nscd_enable=NO
+ chkprintcap_enable=NO
+ chkprintcap_flags=-d
+ dumpdev=NO
+ dumpdir=/var/crash
+ savecore_enable=YES
+ savecore_flags='-m 10'
+ crashinfo_enable=YES
+ crashinfo_program=/usr/sbin/crashinfo
+ quota_enable=NO
+ check_quotas=YES
+ quotaon_flags=-a
+ quotaoff_flags=-a
+ quotacheck_flags=-a
+ accounting_enable=NO
+ ibcs2_enable=NO
+ ibcs2_loaders=coff
+ firstboot_sentinel=/firstboot
+ sysvipc_enable=NO
+ linux_enable=NO
+ svr4_enable=NO
+ clear_tmp_enable=NO
+ clear_tmp_X=YES
+ ldconfig_insecure=NO
+ ldconfig_paths='/usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg'
+ ldconfig32_paths='/usr/lib32 /usr/lib32/compat'
+ ldconfigsoft_paths='/usr/libsoft /usr/libsoft/compat /usr/local/libsoft'
+ ldconfig_paths_aout='/usr/lib/compat/aout /usr/local/lib/aout'
+ ldconfig_local_dirs=/usr/local/libdata/ldconfig
+ ldconfig_local32_dirs=/usr/local/libdata/ldconfig32
+ ldconfig_localsoft_dirs=/usr/local/libdata/ldconfigsoft
+ kern_securelevel_enable=NO
+ kern_securelevel=-1
+ update_motd=YES
+ entropy_boot_file=/boot/entropy
+ entropy_file=/entropy
+ entropy_dir=/var/db/entropy
+ entropy_save_sz=4096
+ entropy_save_num=8
+ harvest_mask=511
+ dmesg_enable=YES
+ watchdogd_enable=NO
+ watchdogd_flags=''
+ devfs_rulesets='/etc/defaults/devfs.rules /etc/devfs.rules'
+ devfs_system_ruleset=''
+ devfs_set_rulesets=''
+ devfs_load_rulesets=YES
+ performance_cx_lowest=C2
+ performance_cpu_freq=NONE
+ economy_cx_lowest=Cmax
+ economy_cpu_freq=NONE
+ virecover_enable=YES
+ ugidfw_enable=NO
+ bsdextended_script=/etc/rc.bsdextended
+ newsyslog_enable=YES
+ newsyslog_flags=-CN
+ mixer_enable=YES
+ opensm_enable=NO
+ rctl_enable=YES
+ rctl_rules=/etc/rctl.conf
+ iovctl_files=''
+ jail_enable=NO
+ jail_confwarn=YES
+ jail_parallel_start=NO
+ jail_list=''
+ jail_reverse_stop=NO
+ [ -z '' ]
+ source_rc_confs_defined=yes
+ [ -r /etc/defaults/vendor.conf ]
+ source_rc_confs
+ local i sourced_files
+ sourced_files=:/etc/rc.conf:
+ [ -r /etc/rc.conf ]
+ . /etc/rc.conf
+ hostname=freenas
+ openssh_enable=YES
+ sendmail_enable=NONE
+ background_fsck=NO
+ fsck_y_enable=YES
+ synchronous_dhclient=YES
+ ntpd_enable=YES
+ ntpd_sync_on_start=YES
+ vmware_guest_vmblock_enable=YES
+ vmware_guest_vmhgfs_enable=YES
+ vmware_guest_vmmemctl_enable=YES
+ devfs_system_ruleset=usbrules
+ clear_tmp_X=NO
+ geli_autodetach=NO
+ savecore_enable=NO
+ dumpdev=NO
+ dumpdir=/data/crash
+ ix_textdump_enable=YES
+ early_kld_list='geom_mirror geom_multipath'
+ kld_list='dtraceall hwpmc t3_tom t4_tom'
+ dbus_enable=YES
+ mdnsd_enable=YES
+ performance_cpu_freq=HIGH
+ local_startup='/etc/ix.rc.d /usr/local/etc/rc.d'
+ early_late_divider='*'
+ root_rw_mount=YES
+ syslogd_enable=NO
+ syslog_ng_enable=YES
+ nginx_enable=YES
+ nginx_login_class=nginx
+ devd_flags=-q
+ cleanvar_enable=NO
+ openssh_skipportscheck=YES
+ inadyn_flags=--continue-on-error
+ sourced_files=:/etc/rc.conf::/etc/rc.conf.local:
+ [ -r /etc/rc.conf.local ]
+ . /etc/rc.conf.local
+ . /etc/rc.freenas
+ . /etc/rc.subr
+ : 1113
+ export RC_PID
+ [ -n YES ]
+ return
+ : /data/freenas-v1.db
+ : /var/tmp/freenas_config.md5
+ : /usr/local/bin/sqlite3fn
+ : /var/tmp/rc.conf.freenas
+ : /etc/version
+ : /var/db/system
+ : /data/cd-upgrade
+ : /data/need-update
+ : /data/first-boot
+ : /usr/bin/openssl
+ : /etc/certificates
+ : /etc/certificates/CA
+ : /usr/local/sbin/nginx
+ : /usr/local/etc/nginx
+ : /usr/local/etc/rc.d/nginx
+ : /usr/local/etc/nginx/nginx.conf
+ : 443
+ : 80
+ : /var/tmp/.cache
+ : 2g
+ : 60
+ : /usr/local/etc/sssd/sssd.conf
+ : /usr/local/etc/openldap/ldap.conf
+ : /usr/local/etc/certs/cacert.crt
+ : 0
+ : /etc/ix/templates/pam.d
+ : /etc/pam.d
+ : /etc/nsswitch.conf
+ : /etc/ix/templates/kerberos/krb5.conf
+ : /etc/krb5.conf
+ : /etc/AD.keytab
+ : /usr/local/etc/smb4.conf
+ : /usr/local/bin/warden
+ : /tmp/.ha_mode
+ ls /etc/directoryservice/rc.ActiveDirectory /etc/directoryservice/rc.DomainController /etc/directoryservice/rc.LDAP /etc/directoryservice/rc.NIS
+ . /etc/directoryservice/rc.ActiveDirectory
+ . /etc/rc.subr
+ : 1113
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/ActiveDirectory
+ : /etc/directoryservice/ActiveDirectory/config
+ : /etc/directoryservice/ActiveDirectory/ctl
+ : 10
+ : 10
+ : /usr/local/bin/adtool
+ . /etc/directoryservice/rc.DomainController
+ . /etc/rc.subr
+ : 1113
+ export RC_PID
+ [ -n YES ]
+ return
+ . /etc/directoryservice/rc.LDAP
+ . /etc/rc.subr
+ : 1113
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/LDAP
+ : /etc/directoryservice/LDAP/config
+ : /usr/local/etc/nss_ldap.conf
+ : /usr/local/etc/nss_ldap.secret
+ : /usr/local/etc/openldap/ldap.conf
+ : /usr/local/etc/certs/cacert.crt
+ : 0
+ : /usr/local/bin/ldaptool
+ . /etc/directoryservice/rc.NIS
+ . /etc/rc.subr
+ : 1113
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/NT4
+ : /etc/directoryservice/NT4/ctl
+ : +:::::::::
+ : '+:*::'
+ : +::
+ md5 -q /data/freenas-v1.db
+ _NEWSUM=784890ea8f78d91a9c05faba389e942f
+ cat /var/tmp/freenas_config.md5
+ _OLDSUM=784890ea8f78d91a9c05faba389e942f
+ id -u
+ [ 0 -eq 0 -a ! 784890ea8f78d91a9c05faba389e942f '=' 784890ea8f78d91a9c05faba389e942f -a ! -f /data/need-update ]
+ export 'LANG=en_US.UTF-8'
+ [ -f /var/tmp/rc.conf.freenas ]
+ . /var/tmp/rc.conf.freenas
+ ifconfig_igb0='inet 10.0.0.240/24 '
+ hostname=abyss.neverland.ddns.me
+ defaultrouter=10.0.0.1
+ netwait_enable=YES
+ netwait_ip=10.0.0.1
+ netatalk_enable=YES
+ proftpd_enable=NO
+ nfs_server_enable=YES
+ rpc_lockd_enable=YES
+ rpc_statd_enable=YES
+ mountd_enable=YES
+ nfsd_enable=YES
+ rpcbind_enable=YES
+ rsyncd_enable=YES
+ snmpd_enable=NO
+ snmp_agent_enable=NO
+ openssh_enable=YES
+ inetd_enable=NO
+ inadyn_enable=YES
+ ladvd_enable=NO
+ ctld_enable=NO
+ apache24_enable=NO
+ smartd_daemon_enable=YES
+ netdata_enable=YES
+ samba_server_enable=YES
+ smbd_enable=YES
+ nmbd_enable=YES
+ winbindd_enable=YES
+ dssystem_env='PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin'
+ postgresql_data=/mnt//database
+ postgresql_user=pgsql
+ snmpd_conffile=/etc/local/snmpd.conf
+ snmpd_flags=-LS3d
+ sssd_enable=NO
+ nslcd_enable=NO
+ nut_enable=YES
+ nut_upsshut=NO
+ nut_upslog_ups=ups
+ nut_upslog_enable=YES
+ nut_upsmon_enable=YES
+ nfsv4_server_enable=NO
+ gssd_enable=YES
+ zfs_enable=YES
+ powerd_enable=NO
+ collectd_enable=YES
+ rrdcached_enable=YES
+ failover_enable=NO
+ nfs_server_flags='-t -n 4 '
+ rpc_statd_flags=''
+ rpc_lockd_flags=''
+ mountd_flags=-rS
+ smartd_daemon_flags='-i 1800'
+ minio_disks=''
+ minio_address=:9000
+ minio_env='MINIO_ACCESS_KEY= MINIO_SECRET_KEY= '
+ MINIO_BROWSER=off
+ ixssl_list=''
+ keymap=us
+ geli_devices=''
+ ladvd_flags='-a -z'
+ ataidle_enable=YES
+ watchdogd_flags='--pretimeout 5 --pretimeout-action log,printf'
+ watchdogd_enable=YES
+ zfsd_enable=YES
+ vmware_guestd_enable=NO
+ _rc_conf_loaded=true
+ [ -n ldapctl ]
+ _d=/etc
+ [ -f /etc/rc.conf.d/ldapctl ]
+ [ -d /etc/rc.conf.d/ldapctl ]
+ _d=/etc/ix.rc.d
+ [ -f /etc/ix.rc.d/rc.conf.d/ldapctl ]
+ [ -d /etc/ix.rc.d/rc.conf.d/ldapctl ]
+ _d=/usr/local/etc
+ [ -f /usr/local/etc/rc.conf.d/ldapctl ]
+ [ -d /usr/local/etc/rc.conf.d/ldapctl ]
+ run_rc_command start
+ _return=0
+ rc_arg=start
+ [ -z ldapctl ]
+ shift 1
+ rc_extra_args=''
+ _rc_prefix=''
+ eval '_override_command=$ldapctl_program'
+ _override_command=''
+ command=''
+ _keywords='start stop restart rcvar enabled describe extracommands status'
+ rc_pid=''
+ _pidcmd=''
+ _procname=''
+ [ -n '' ]
+ [ -z start ]
+ [ start '=' enabled ]
+ [ -n '' ]
+ eval 'rc_flags=$ldapctl_flags'
+ rc_flags=''
+ eval '_chdir=$ldapctl_chdir' '_chroot=$ldapctl_chroot' '_nice=$ldapctl_nice' '_user=$ldapctl_user' '_group=$ldapctl_group' '_groups=$ldapctl_groups' '_fib=$ldapctl_fib' '_env=$ldapctl_env' '_prepend=$ldapctl_prepend' '_login_class=${ldapctl_login_class:-daemon}' '_oomprotect=$ldapctl_oomprotect'
+ _chdir='' _chroot='' _nice='' _user='' _group='' _groups='' _fib='' _env='' _prepend='' _login_class=daemon _oomprotect=''
+ [ -n '' ]
+ [ -z '' ]
+ eval
+ [ start '!=' start ]
+ [ -n '' -a start '!=' rcvar -a start '!=' stop -a start '!=' describe ]
+ [ -n '' -a start '=' stop -a -z '' ]
+ [ start '=' start -a -z '' -a -n '' ]
+ eval '_cmd=$start_cmd' '_precmd=$start_precmd' '_postcmd=$start_postcmd'
+ _cmd=ldapctl_start _precmd='' _postcmd=''
+ [ -n ldapctl_start ]
+ _run_rc_precmd
+ check_required_before start
+ local _f
+ return 0
+ [ -n '' ]
+ check_required_after start
+ local _f _args
+ return 0
+ return 0
+ _run_rc_doit 'ldapctl_start '
+ debug 'run_rc_command: doit: ldapctl_start '
+ eval 'ldapctl_start '
+ ldapctl_start
+ local 'ldap_started=0'
+ local realm
+ local keytab_principal
+ /usr/local/bin/midclt call systemdataset.config
+ /usr/local/bin/jq .pool
+ eval echo '"MAIN"'
+ echo MAIN
+ local 'syspool=MAIN'
+ /usr/local/bin/midclt call system.is_freenas
+ local 'is_freenas=True'
+ local 'failover_status=SINGLE'
+ [ True '==' False ]
+ [ MAIN '!=' freenas-boot ]
+ [ SINGLE '==' BACKUP ]
+ LDAP_get_krb_realm
+ name=ldap_krb_realm
+ ro_sqlite ldap_krb_realm
+ rm /tmp/ldap_krb_realm.fail
+ RO_FREENAS_CONFIG=/tmp/ldap_krb_realm.aAGga
+ trap 'rm -f ${RO_FREENAS_CONFIG}' EXIT
+ /usr/local/bin/sqlite3fn /tmp/ldap_krb_realm.aAGga $'\t\tSELECT
\t\t\tkrb.krb_realm
\t\tFROM
\t\t\tdirectoryservice_kerberosrealm as krb

\t\tINNER JOIN
\t\t\tdirectoryservice_ldap as ldap
\t\tON
\t\t\tkrb.id = ldap.ldap_kerberos_realm_id
\t'
+ rm -f /tmp/ldap_krb_realm.aAGga
+ realm=NEVERLAND.DDNS.ME
+ [ -n NEVERLAND.DDNS.ME ]
+ ldapctl_cmd /usr/sbin/service ix-kerberos quietstart default NEVERLAND.DDNS.ME
+ local 'args=/usr/sbin/service ix-kerberos quietstart default NEVERLAND.DDNS.ME'
+ [ -n '/usr/sbin/service ix-kerberos quietstart default NEVERLAND.DDNS.ME' ]
+ logger -t LDAP '/usr/sbin/service ix-kerberos quietstart default NEVERLAND.DDNS.ME'
+ /usr/sbin/service ix-kerberos quietstart default NEVERLAND.DDNS.ME
+ return 0
+ LDAP_init
+ LDAP_load_values
+ LDAP_generate_config
+ local 'res=0'
+ /usr/local/bin/ldaptool get config_file
ERROR: {'desc': 'Local error', 'info': 'SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text) (UNKNOWN_SERVER)'}
+ res=1
+ /bin/chmod 600 /etc/directoryservice/LDAP/config
+ return 1
+ return 1
+ return 1
+ ldap_set 0
+ local 'enable=0'
+ [ -z 0 ]
+ /usr/local/bin/sqlite3fn /data/freenas-v1.db $'\tUPDATE
\t\tdirectoryservice_ldap
\tSET
\t\tldap_enable = 0
\t'
+ return 0
+ return 1
+ _return=1
+ [ 1 -ne 0 ]
+ [ -z '' ]
+ return 1
+ return 1
[root@abyss /mnt/MAIN/HOME/binary]#
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,546
Code:
+ /usr/local/bin/ldaptool get config_file
ERROR: {'desc': 'Local error', 'info': 'SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text) (UNKNOWN_SERVER)'}
+ res=1


This is most likely still a kerberos issue. We might be able to bypass the error.
Code:
service ix-hostname start
service ix-kerberos start
sh -x /etc/ix.rc.d/ix-kinit start


If that one returns 0 (succeeds), then proceed with the following:
service ix-sssd start
service sssd start

getent passwd (see if your LDAP users are present).
 

bako

Dabbler
Joined
Jul 10, 2019
Messages
19
Code:
If that one returns 0 (succeeds), then proceed with the following...
Code:
Code:
[root@abyss /mnt/MAIN/HOME/binary]# service ix-hostname start
[root@abyss /mnt/MAIN/HOME/binary]# service ix-kerberos start
[root@abyss /mnt/MAIN/HOME/binary]# sh -x /etc/ix.rc.d/ix-kinit start
+ . /etc/rc.freenas
+ . /etc/rc.subr
+ : 14186
+ export RC_PID
+ [ -n '' ]
+ _rc_subr_loaded=YES
+ SYSCTL=/sbin/sysctl
+ SYSCTL_N='/sbin/sysctl -n'
+ SYSCTL_W=/sbin/sysctl
+ PROTECT=/usr/bin/protect
+ ID=/usr/bin/id
+ IDCMD='if [ -x /usr/bin/id ]; then /usr/bin/id -un; fi'
+ PS='/bin/ps -ww'
+ JID=0
+ _rc_namevarlist='program chroot chdir env flags fib nice user group groups prepend'
+ kenv -q rc.debug
+ : /data/freenas-v1.db
+ : /var/tmp/freenas_config.md5
+ : /usr/local/bin/sqlite3fn
+ : /var/tmp/rc.conf.freenas
+ : /etc/version
+ : /var/db/system
+ : /data/cd-upgrade
+ : /data/need-update
+ : /data/first-boot
+ : /usr/bin/openssl
+ : /etc/certificates
+ : /etc/certificates/CA
+ : /usr/local/sbin/nginx
+ : /usr/local/etc/nginx
+ : /usr/local/etc/rc.d/nginx
+ : /usr/local/etc/nginx/nginx.conf
+ : 443
+ : 80
+ : /var/tmp/.cache
+ : 2g
+ : 60
+ : /usr/local/etc/sssd/sssd.conf
+ : /usr/local/etc/openldap/ldap.conf
+ : /usr/local/etc/certs/cacert.crt
+ : 0
+ : /etc/ix/templates/pam.d
+ : /etc/pam.d
+ : /etc/nsswitch.conf
+ : /etc/ix/templates/kerberos/krb5.conf
+ : /etc/krb5.conf
+ : /etc/AD.keytab
+ : /usr/local/etc/smb4.conf
+ : /usr/local/bin/warden
+ : /tmp/.ha_mode
+ ls /etc/directoryservice/rc.ActiveDirectory /etc/directoryservice/rc.DomainController /etc/directoryservice/rc.LDAP /etc/directoryservice/rc.NIS
+ . /etc/directoryservice/rc.ActiveDirectory
+ . /etc/rc.subr
+ : 14186
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/ActiveDirectory
+ : /etc/directoryservice/ActiveDirectory/config
+ : /etc/directoryservice/ActiveDirectory/ctl
+ : 10
+ : 10
+ : /usr/local/bin/adtool
+ . /etc/directoryservice/rc.DomainController
+ . /etc/rc.subr
+ : 14186
+ export RC_PID
+ [ -n YES ]
+ return
+ . /etc/directoryservice/rc.LDAP
+ . /etc/rc.subr
+ : 14186
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/LDAP
+ : /etc/directoryservice/LDAP/config
+ : /usr/local/etc/nss_ldap.conf
+ : /usr/local/etc/nss_ldap.secret
+ : /usr/local/etc/openldap/ldap.conf
+ : /usr/local/etc/certs/cacert.crt
+ : 0
+ : /usr/local/bin/ldaptool
+ . /etc/directoryservice/rc.NIS
+ . /etc/rc.subr
+ : 14186
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/NT4
+ : /etc/directoryservice/NT4/ctl
+ : +:::::::::
+ : '+:*::'
+ : +::
+ name=ix-kinit
+ start_cmd=kerberos_start
+ status_cmd=kerberos_status
+ stop_cmd=kerberos_stop
+ renew_cmd=kerberos_renew
+ extra_commands=renew
+ load_rc_config ix-kinit
+ local _name _rcvar_val _var _defval _v _msg _new _d
+ _name=ix-kinit
+ false
+ [ -r /etc/defaults/rc.conf ]
+ debug 'Sourcing /etc/defaults/rc.conf'
+ . /etc/defaults/rc.conf
+ rc_info=NO
+ rc_startmsgs=YES
+ rcshutdown_timeout=90
+ early_late_divider=FILESYSTEMS
+ always_force_depends=NO
+ apm_enable=NO
+ apmd_enable=NO
+ apmd_flags=''
+ ddb_enable=NO
+ ddb_config=/etc/ddb.conf
+ devd_enable=YES
+ devd_flags=''
+ kldxref_enable=NO
+ kldxref_clobber=NO
+ kldxref_module_path=''
+ powerd_enable=NO
+ powerd_flags=''
+ tmpmfs=AUTO
+ tmpsize=20m
+ tmpmfs_flags=-S
+ varmfs=AUTO
+ varsize=32m
+ varmfs_flags=-S
+ mfs_type=auto
+ populate_var=AUTO
+ cleanvar_enable=YES
+ local_startup=/usr/local/etc/rc.d
+ script_name_sep=' '
+ rc_conf_files='/etc/rc.conf /etc/rc.conf.local'
+ zfs_enable=NO
+ zfsd_enable=NO
+ gptboot_enable=YES
+ gbde_autoattach_all=NO
+ gbde_devices=NO
+ gbde_attach_attempts=3
+ gbde_lockdir=/etc
+ geli_devices=''
+ geli_tries=''
+ geli_default_flags=''
+ geli_autodetach=YES
+ root_rw_mount=YES
+ root_hold_delay=30
+ fsck_y_enable=NO
+ fsck_y_flags='-T ffs:-R -T ufs:-R'
+ background_fsck=YES
+ background_fsck_delay=60
+ netfs_types='nfs:NFS smbfs:SMB'
+ extra_netfs_types=NO
+ hostname=''
+ hostid_enable=YES
+ hostid_file=/etc/hostid
+ nisdomainname=NO
+ dhclient_program=/sbin/dhclient
+ dhclient_flags=''
+ background_dhclient=NO
+ synchronous_dhclient=NO
+ defaultroute_delay=30
+ defaultroute_carrier_delay=5
+ netif_enable=YES
+ netif_ipexpand_max=2048
+ wpa_supplicant_program=/usr/sbin/wpa_supplicant
+ wpa_supplicant_flags=-s
+ wpa_supplicant_conf_file=/etc/wpa_supplicant.conf
+ firewall_enable=NO
+ firewall_script=/etc/rc.firewall
+ firewall_type=UNKNOWN
+ firewall_quiet=NO
+ firewall_logging=NO
+ firewall_logif=NO
+ firewall_flags=''
+ firewall_coscripts=''
+ firewall_client_net=192.0.2.0/24
+ firewall_simple_iif=ed1
+ firewall_simple_inet=192.0.2.16/28
+ firewall_simple_oif=ed0
+ firewall_simple_onet=192.0.2.0/28
+ firewall_myservices=''
+ firewall_allowservices=''
+ firewall_trusted=''
+ firewall_logdeny=NO
+ firewall_nologports='135-139,445 1026,1027 1433,1434'
+ firewall_nat_enable=NO
+ firewall_nat_interface=''
+ firewall_nat_flags=''
+ dummynet_enable=NO
+ ipfw_netflow_enable=NO
+ ip_portrange_first=NO
+ ip_portrange_last=NO
+ ike_enable=NO
+ ike_program=/usr/local/sbin/isakmpd
+ ike_flags=''
+ ipsec_enable=NO
+ ipsec_file=/etc/ipsec.conf
+ natd_program=/sbin/natd
+ natd_enable=NO
+ natd_interface=''
+ natd_flags=''
+ ipfilter_enable=NO
+ ipfilter_program=/sbin/ipf
+ ipfilter_rules=/etc/ipf.rules
+ ipfilter_flags=''
+ ipnat_enable=NO
+ ipnat_program=/sbin/ipnat
+ ipnat_rules=/etc/ipnat.rules
+ ipnat_flags=''
+ ipmon_enable=NO
+ ipmon_program=/sbin/ipmon
+ ipmon_flags=-Ds
+ ipfs_enable=NO
+ ipfs_program=/sbin/ipfs
+ ipfs_flags=''
+ pf_enable=NO
+ pf_rules=/etc/pf.conf
+ pf_program=/sbin/pfctl
+ pf_flags=''
+ pflog_enable=NO
+ pflog_logfile=/var/log/pflog
+ pflog_program=/sbin/pflogd
+ pflog_flags=''
+ ftpproxy_enable=NO
+ ftpproxy_flags=''
+ pfsync_enable=NO
+ pfsync_syncdev=''
+ pfsync_syncpeer=''
+ pfsync_ifconfig=''
+ tcp_extensions=YES
+ log_in_vain=0
+ tcp_keepalive=YES
+ tcp_drop_synfin=NO
+ icmp_drop_redirect=NO
+ icmp_log_redirect=NO
+ network_interfaces=auto
+ cloned_interfaces=''
+ sppp_interfaces=''
+ ppp_enable=NO
+ ppp_program=/usr/sbin/ppp
+ ppp_mode=auto
+ ppp_nat=YES
+ ppp_profile=papchap
+ ppp_user=root
+ hostapd_enable=NO
+ syslogd_enable=YES
+ syslogd_program=/usr/sbin/syslogd
+ syslogd_flags=-s
+ syslogd_oomprotect=YES
+ altlog_proglist=''
+ inetd_enable=NO
+ inetd_program=/usr/sbin/inetd
+ inetd_flags='-wW -C 60'
+ iscsid_enable=NO
+ iscsictl_enable=NO
+ iscsictl_flags=-Aa
+ hastd_enable=NO
+ hastd_program=/sbin/hastd
+ hastd_flags=''
+ ctld_enable=NO
+ local_unbound_enable=NO
+ blacklistd_enable=NO
+ blacklistd_flags=''
+ kdc_enable=NO
+ kdc_program=/usr/libexec/kdc
+ kdc_flags=''
+ kadmind_enable=NO
+ kadmind_program=/usr/libexec/kadmind
+ kpasswdd_enable=NO
+ kpasswdd_program=/usr/libexec/kpasswdd
+ kfd_enable=NO
+ kfd_program=/usr/libexec/kfd
+ kfd_flags=''
+ ipropd_master_enable=NO
+ ipropd_master_program=/usr/libexec/ipropd-master
+ ipropd_master_flags=''
+ ipropd_master_keytab=/etc/krb5.keytab
+ ipropd_master_slaves=''
+ ipropd_slave_enable=NO
+ ipropd_slave_program=/usr/libexec/ipropd-slave
+ ipropd_slave_flags=''
+ ipropd_slave_keytab=/etc/krb5.keytab
+ ipropd_slave_master=''
+ gssd_enable=NO
+ gssd_program=/usr/sbin/gssd
+ gssd_flags=''
+ rwhod_enable=NO
+ rwhod_flags=''
+ rarpd_enable=NO
+ rarpd_flags=-a
+ bootparamd_enable=NO
+ bootparamd_flags=''
+ pppoed_enable=NO
+ pppoed_provider='*'
+ pppoed_flags='-P /var/run/pppoed.pid'
+ pppoed_interface=fxp0
+ sshd_enable=NO
+ sshd_program=/usr/sbin/sshd
+ sshd_flags=''
+ ftpd_enable=NO
+ ftpd_program=/usr/libexec/ftpd
+ ftpd_flags=''
+ amd_enable=NO
+ amd_program=/usr/sbin/amd
+ amd_flags='-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map'
+ amd_map_program=NO
+ autofs_enable=NO
+ automount_flags=''
+ automountd_flags=''
+ autounmountd_flags=''
+ nfs_client_enable=NO
+ nfs_access_cache=60
+ nfs_server_enable=NO
+ nfs_server_flags='-u -t'
+ nfs_server_managegids=NO
+ mountd_enable=NO
+ mountd_flags='-r -S'
+ weak_mountd_authentication=NO
+ nfs_reserved_port_only=NO
+ nfs_bufpackets=''
+ rpc_lockd_enable=NO
+ rpc_lockd_flags=''
+ rpc_statd_enable=NO
+ rpc_statd_flags=''
+ rpcbind_enable=NO
+ rpcbind_program=/usr/sbin/rpcbind
+ rpcbind_flags=''
+ rpc_ypupdated_enable=NO
+ keyserv_enable=NO
+ keyserv_flags=''
+ nfsv4_server_enable=NO
+ nfscbd_enable=NO
+ nfscbd_flags=''
+ nfsuserd_enable=NO
+ nfsuserd_flags=''
+ timed_enable=NO
+ timed_flags=''
+ ntpdate_enable=NO
+ ntpdate_program=/usr/sbin/ntpdate
+ ntpdate_flags=-b
+ ntpdate_config=/etc/ntp.conf
+ ntpdate_hosts=''
+ ntpd_enable=NO
+ ntpd_program=/usr/sbin/ntpd
+ ntpd_config=/etc/ntp.conf
+ ntpd_sync_on_start=NO
+ ntpd_flags='-p /var/run/ntpd.pid -f /var/db/ntpd.drift'
+ ntp_src_leapfile=/etc/ntp/leap-seconds
+ ntp_db_leapfile=/var/db/ntpd.leap-seconds.list
+ ntp_leapfile_sources=https://www.ietf.org/timezones/data/leap-seconds.list
+ ntp_leapfile_fetch_opts=-mq
+ ntp_leapfile_expiry_days=30
+ ntp_leapfile_fetch_verbose=NO
+ nis_client_enable=NO
+ nis_client_flags=''
+ nis_ypset_enable=NO
+ nis_ypset_flags=''
+ nis_server_enable=NO
+ nis_server_flags=''
+ nis_ypxfrd_enable=NO
+ nis_ypxfrd_flags=''
+ nis_yppasswdd_enable=NO
+ nis_yppasswdd_flags=''
+ nis_ypldap_enable=NO
+ nis_ypldap_flags=''
+ bsnmpd_enable=NO
+ bsnmpd_flags=''
+ defaultrouter=NO
+ static_arp_pairs=''
+ static_ndp_pairs=''
+ static_routes=''
+ natm_static_routes=''
+ gateway_enable=NO
+ routed_enable=NO
+ routed_program=/sbin/routed
+ routed_flags=-q
+ arpproxy_all=NO
+ forward_sourceroute=NO
+ accept_sourceroute=NO
+ atm_enable=NO
+ atm_pvcs=''
+ atm_arps=''
+ hcsecd_enable=NO
+ hcsecd_config=/etc/bluetooth/hcsecd.conf
+ sdpd_enable=NO
+ sdpd_control=/var/run/sdp
+ sdpd_groupname=nobody
+ sdpd_username=nobody
+ bthidd_enable=NO
+ bthidd_config=/etc/bluetooth/bthidd.conf
+ bthidd_hids=/var/db/bthidd.hids
+ rfcomm_pppd_server_enable=NO
+ rfcomm_pppd_server_profile='one two'
+ rfcomm_pppd_server_one_channel=1
+ rfcomm_pppd_server_two_channel=3
+ ubthidhci_enable=NO
+ netwait_enable=NO
+ netwait_timeout=60
+ netwait_if_timeout=30
+ icmp_bmcastecho=NO
+ ipv6_network_interfaces=auto
+ ipv6_activate_all_interfaces=NO
+ ipv6_defaultrouter=NO
+ ipv6_static_routes=''
+ ipv6_gateway_enable=NO
+ ipv6_cpe_wanif=NO
+ ipv6_privacy=NO
+ route6d_enable=NO
+ route6d_program=/usr/sbin/route6d
+ route6d_flags=''
+ ipv6_default_interface=NO
+ rtsol_flags=''
+ rtsold_enable=NO
+ rtsold_flags=-a
+ rtadvd_enable=NO
+ rtadvd_interfaces=''
+ mroute6d_enable=NO
+ mroute6d_program=/usr/local/sbin/pim6dd
+ mroute6d_flags=''
+ stf_interface_ipv4addr=''
+ stf_interface_ipv4plen=0
+ stf_interface_ipv6_ifid=0:0:0:1
+ stf_interface_ipv6_slaid=0000
+ ipv6_ipv4mapping=NO
+ ipv6_ipfilter_rules=/etc/ipf6.rules
+ ip6addrctl_enable=YES
+ ip6addrctl_verbose=NO
+ ip6addrctl_policy=AUTO
+ keyboard=''
+ keymap=NO
+ keyrate=NO
+ keybell=NO
+ keychange=NO
+ cursor=NO
+ scrnmap=NO
+ font8x16=NO
+ font8x14=NO
+ font8x8=NO
+ blanktime=300
+ saver=NO
+ moused_nondefault_enable=YES
+ moused_enable=NO
+ moused_type=auto
+ moused_port=/dev/psm0
+ moused_flags=''
+ mousechar_start=NO
+ allscreens_flags=''
+ allscreens_kbdflags=''
+ mta_start_script=/etc/rc.sendmail
+ sendmail_enable=NO
+ sendmail_pidfile=/var/run/sendmail.pid
+ sendmail_procname=/usr/sbin/sendmail
+ sendmail_flags='-L sm-mta -bd -q30m'
+ sendmail_cert_create=YES
+ sendmail_submit_enable=YES
+ sendmail_submit_flags='-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost'
+ sendmail_outbound_enable=YES
+ sendmail_outbound_flags='-L sm-queue -q30m'
+ sendmail_msp_queue_enable=YES
+ sendmail_msp_queue_flags='-L sm-msp-queue -Ac -q30m'
+ sendmail_rebuild_aliases=NO
+ auditd_enable=NO
+ auditd_program=/usr/sbin/auditd
+ auditd_flags=''
+ auditdistd_enable=NO
+ auditdistd_program=/usr/sbin/auditdistd
+ auditdistd_flags=''
+ cron_enable=YES
+ cron_program=/usr/sbin/cron
+ cron_dst=YES
+ cron_flags=''
+ lpd_enable=NO
+ lpd_program=/usr/sbin/lpd
+ lpd_flags=''
+ nscd_enable=NO
+ chkprintcap_enable=NO
+ chkprintcap_flags=-d
+ dumpdev=NO
+ dumpdir=/var/crash
+ savecore_enable=YES
+ savecore_flags='-m 10'
+ crashinfo_enable=YES
+ crashinfo_program=/usr/sbin/crashinfo
+ quota_enable=NO
+ check_quotas=YES
+ quotaon_flags=-a
+ quotaoff_flags=-a
+ quotacheck_flags=-a
+ accounting_enable=NO
+ ibcs2_enable=NO
+ ibcs2_loaders=coff
+ firstboot_sentinel=/firstboot
+ sysvipc_enable=NO
+ linux_enable=NO
+ svr4_enable=NO
+ clear_tmp_enable=NO
+ clear_tmp_X=YES
+ ldconfig_insecure=NO
+ ldconfig_paths='/usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg'
+ ldconfig32_paths='/usr/lib32 /usr/lib32/compat'
+ ldconfigsoft_paths='/usr/libsoft /usr/libsoft/compat /usr/local/libsoft'
+ ldconfig_paths_aout='/usr/lib/compat/aout /usr/local/lib/aout'
+ ldconfig_local_dirs=/usr/local/libdata/ldconfig
+ ldconfig_local32_dirs=/usr/local/libdata/ldconfig32
+ ldconfig_localsoft_dirs=/usr/local/libdata/ldconfigsoft
+ kern_securelevel_enable=NO
+ kern_securelevel=-1
+ update_motd=YES
+ entropy_boot_file=/boot/entropy
+ entropy_file=/entropy
+ entropy_dir=/var/db/entropy
+ entropy_save_sz=4096
+ entropy_save_num=8
+ harvest_mask=511
+ dmesg_enable=YES
+ watchdogd_enable=NO
+ watchdogd_flags=''
+ devfs_rulesets='/etc/defaults/devfs.rules /etc/devfs.rules'
+ devfs_system_ruleset=''
+ devfs_set_rulesets=''
+ devfs_load_rulesets=YES
+ performance_cx_lowest=C2
+ performance_cpu_freq=NONE
+ economy_cx_lowest=Cmax
+ economy_cpu_freq=NONE
+ virecover_enable=YES
+ ugidfw_enable=NO
+ bsdextended_script=/etc/rc.bsdextended
+ newsyslog_enable=YES
+ newsyslog_flags=-CN
+ mixer_enable=YES
+ opensm_enable=NO
+ rctl_enable=YES
+ rctl_rules=/etc/rctl.conf
+ iovctl_files=''
+ jail_enable=NO
+ jail_confwarn=YES
+ jail_parallel_start=NO
+ jail_list=''
+ jail_reverse_stop=NO
+ [ -z '' ]
+ source_rc_confs_defined=yes
+ [ -r /etc/defaults/vendor.conf ]
+ source_rc_confs
+ local i sourced_files
+ sourced_files=:/etc/rc.conf:
+ [ -r /etc/rc.conf ]
+ . /etc/rc.conf
+ hostname=freenas
+ openssh_enable=YES
+ sendmail_enable=NONE
+ background_fsck=NO
+ fsck_y_enable=YES
+ synchronous_dhclient=YES
+ ntpd_enable=YES
+ ntpd_sync_on_start=YES
+ vmware_guest_vmblock_enable=YES
+ vmware_guest_vmhgfs_enable=YES
+ vmware_guest_vmmemctl_enable=YES
+ devfs_system_ruleset=usbrules
+ clear_tmp_X=NO
+ geli_autodetach=NO
+ savecore_enable=NO
+ dumpdev=NO
+ dumpdir=/data/crash
+ ix_textdump_enable=YES
+ early_kld_list='geom_mirror geom_multipath'
+ kld_list='dtraceall hwpmc t3_tom t4_tom'
+ dbus_enable=YES
+ mdnsd_enable=YES
+ performance_cpu_freq=HIGH
+ local_startup='/etc/ix.rc.d /usr/local/etc/rc.d'
+ early_late_divider='*'
+ root_rw_mount=YES
+ syslogd_enable=NO
+ syslog_ng_enable=YES
+ nginx_enable=YES
+ nginx_login_class=nginx
+ devd_flags=-q
+ cleanvar_enable=NO
+ openssh_skipportscheck=YES
+ inadyn_flags=--continue-on-error
+ sourced_files=:/etc/rc.conf::/etc/rc.conf.local:
+ [ -r /etc/rc.conf.local ]
+ . /etc/rc.conf.local
+ . /etc/rc.freenas
+ . /etc/rc.subr
+ : 14186
+ export RC_PID
+ [ -n YES ]
+ return
+ : /data/freenas-v1.db
+ : /var/tmp/freenas_config.md5
+ : /usr/local/bin/sqlite3fn
+ : /var/tmp/rc.conf.freenas
+ : /etc/version
+ : /var/db/system
+ : /data/cd-upgrade
+ : /data/need-update
+ : /data/first-boot
+ : /usr/bin/openssl
+ : /etc/certificates
+ : /etc/certificates/CA
+ : /usr/local/sbin/nginx
+ : /usr/local/etc/nginx
+ : /usr/local/etc/rc.d/nginx
+ : /usr/local/etc/nginx/nginx.conf
+ : 443
+ : 80
+ : /var/tmp/.cache
+ : 2g
+ : 60
+ : /usr/local/etc/sssd/sssd.conf
+ : /usr/local/etc/openldap/ldap.conf
+ : /usr/local/etc/certs/cacert.crt
+ : 0
+ : /etc/ix/templates/pam.d
+ : /etc/pam.d
+ : /etc/nsswitch.conf
+ : /etc/ix/templates/kerberos/krb5.conf
+ : /etc/krb5.conf
+ : /etc/AD.keytab
+ : /usr/local/etc/smb4.conf
+ : /usr/local/bin/warden
+ : /tmp/.ha_mode
+ ls /etc/directoryservice/rc.ActiveDirectory /etc/directoryservice/rc.DomainController /etc/directoryservice/rc.LDAP /etc/directoryservice/rc.NIS
+ . /etc/directoryservice/rc.ActiveDirectory
+ . /etc/rc.subr
+ : 14186
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/ActiveDirectory
+ : /etc/directoryservice/ActiveDirectory/config
+ : /etc/directoryservice/ActiveDirectory/ctl
+ : 10
+ : 10
+ : /usr/local/bin/adtool
+ . /etc/directoryservice/rc.DomainController
+ . /etc/rc.subr
+ : 14186
+ export RC_PID
+ [ -n YES ]
+ return
+ . /etc/directoryservice/rc.LDAP
+ . /etc/rc.subr
+ : 14186
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/LDAP
+ : /etc/directoryservice/LDAP/config
+ : /usr/local/etc/nss_ldap.conf
+ : /usr/local/etc/nss_ldap.secret
+ : /usr/local/etc/openldap/ldap.conf
+ : /usr/local/etc/certs/cacert.crt
+ : 0
+ : /usr/local/bin/ldaptool
+ . /etc/directoryservice/rc.NIS
+ . /etc/rc.subr
+ : 14186
+ export RC_PID
+ [ -n YES ]
+ return
+ : /etc/directoryservice/NT4
+ : /etc/directoryservice/NT4/ctl
+ : +:::::::::
+ : '+:*::'
+ : +::
+ md5 -q /data/freenas-v1.db
+ _NEWSUM=76c233228a529c9408b1fa7f481f596b
+ cat /var/tmp/freenas_config.md5
+ _OLDSUM=76c233228a529c9408b1fa7f481f596b
+ id -u
+ [ 0 -eq 0 -a ! 76c233228a529c9408b1fa7f481f596b '=' 76c233228a529c9408b1fa7f481f596b -a ! -f /data/need-update ]
+ export 'LANG=en_US.UTF-8'
+ [ -f /var/tmp/rc.conf.freenas ]
+ . /var/tmp/rc.conf.freenas
+ ifconfig_igb0='inet 10.0.0.240/24 '
+ hostname=abyss.neverland.ddns.me
+ defaultrouter=10.0.0.1
+ netwait_enable=YES
+ netwait_ip=10.0.0.1
+ netatalk_enable=YES
+ proftpd_enable=NO
+ nfs_server_enable=YES
+ rpc_lockd_enable=YES
+ rpc_statd_enable=YES
+ mountd_enable=YES
+ nfsd_enable=YES
+ rpcbind_enable=YES
+ rsyncd_enable=YES
+ snmpd_enable=NO
+ snmp_agent_enable=NO
+ openssh_enable=YES
+ inetd_enable=NO
+ inadyn_enable=YES
+ ladvd_enable=NO
+ ctld_enable=NO
+ apache24_enable=NO
+ smartd_daemon_enable=YES
+ netdata_enable=YES
+ samba_server_enable=YES
+ smbd_enable=YES
+ nmbd_enable=YES
+ winbindd_enable=YES
+ dssystem_env='PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/root/bin'
+ postgresql_data=/mnt//database
+ postgresql_user=pgsql
+ snmpd_conffile=/etc/local/snmpd.conf
+ snmpd_flags=-LS3d
+ sssd_enable=NO
+ nslcd_enable=NO
+ nut_enable=YES
+ nut_upsshut=NO
+ nut_upslog_ups=ups
+ nut_upslog_enable=YES
+ nut_upsmon_enable=YES
+ nfsv4_server_enable=NO
+ gssd_enable=YES
+ zfs_enable=YES
+ powerd_enable=NO
+ collectd_enable=YES
+ rrdcached_enable=YES
+ failover_enable=NO
+ nfs_server_flags='-t -n 4 '
+ rpc_statd_flags=''
+ rpc_lockd_flags=''
+ mountd_flags=-rS
+ smartd_daemon_flags='-i 1800'
+ minio_disks=''
+ minio_address=:9000
+ minio_env='MINIO_ACCESS_KEY= MINIO_SECRET_KEY= '
+ MINIO_BROWSER=off
+ ixssl_list=''
+ keymap=us
+ geli_devices=''
+ ladvd_flags='-a -z'
+ ataidle_enable=YES
+ watchdogd_flags='--pretimeout 5 --pretimeout-action log,printf'
+ watchdogd_enable=YES
+ zfsd_enable=YES
+ vmware_guestd_enable=NO
+ _rc_conf_loaded=true
+ [ -n ix-kinit ]
+ _d=/etc
+ [ -f /etc/rc.conf.d/ix-kinit ]
+ [ -d /etc/rc.conf.d/ix-kinit ]
+ _d=/etc/ix.rc.d
+ [ -f /etc/ix.rc.d/rc.conf.d/ix-kinit ]
+ [ -d /etc/ix.rc.d/rc.conf.d/ix-kinit ]
+ _d=/usr/local/etc
+ [ -f /usr/local/etc/rc.conf.d/ix-kinit ]
+ [ -d /usr/local/etc/rc.conf.d/ix-kinit ]
+ run_rc_command start
+ _return=0
+ rc_arg=start
+ [ -z ix-kinit ]
+ shift 1
+ rc_extra_args=''
+ _rc_prefix=''
+ eval '_override_command=$ix-kinit_program'
+ _override_command=-kinit_program
+ command=-kinit_program
+ _keywords='start stop restart rcvar enabled describe extracommands renew'
+ rc_pid=''
+ _pidcmd=''
+ _procname=-kinit_program
+ [ -n -kinit_program ]
+ [ -n '' ]
+ _pidcmd='rc_pid=$(check_process -kinit_program )'
+ _keywords='start stop restart rcvar enabled describe extracommands renew status poll'
+ [ -z start ]
+ [ start '=' enabled ]
+ [ -n '' ]
+ eval 'rc_flags=$ix-kinit_flags'
+ rc_flags=-kinit_flags
+ eval '_chdir=$ix-kinit_chdir' '_chroot=$ix-kinit_chroot' '_nice=$ix-kinit_nice' '_user=$ix-kinit_user' '_group=$ix-kinit_group' '_groups=$ix-kinit_groups' '_fib=$ix-kinit_fib' '_env=$ix-kinit_env' '_prepend=$ix-kinit_prepend' '_login_class=${ix-kinit_login_class:-daemon}' '_oomprotect=$ix-kinit_oomprotect'
+ _chdir=-kinit_chdir _chroot=-kinit_chroot _nice=-kinit_nice _user=-kinit_user _group=-kinit_group _groups=-kinit_groups _fib=-kinit_fib _env=-kinit_env _prepend=-kinit_prepend _login_class=kinit_login_class:-daemon _oomprotect=-kinit_oomprotect
+ [ -n -kinit_user ]
+ eval if [ -x /usr/bin/id '];' then /usr/bin/id '-un;' fi
+ [ -x /usr/bin/id ]
+ /usr/bin/id -un
+ [ -kinit_user '=' root ]
+ [ -z '' ]
+ eval 'rc_pid=$(check_process' -kinit_program ')'
+ check_process -kinit_program
+ _procname=-kinit_program
+ _interpreter=''
+ [ -z -kinit_program ]
+ _find_processes -kinit_program . -ax
+ [ 3 -ne 3 ]
+ _procname=-kinit_program
+ _interpreter=.
+ _psargs=-ax
+ _pref=''
+ [ . '!=' . ]
+ _procnamebn=-kinit_program
+ _fp_args='_arg0 _argv'
+ _fp_match=$'case "$_arg0" in
\t\t    $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")'
+ _proccheck=$'\t\t/bin/ps -ww 2>/dev/null -o pid= -o jid= -o command= -ax |
\t\twhile read _npid _jid _arg0 _argv; do
\t\t\tcase "$_arg0" in
\t\t    $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")
\t\t\t\tif [ "$JID" -eq "$_jid" ];
\t\t\t\tthen echo -n "$_pref$_npid";
\t\t\t\t_pref=" ";
\t\t\t\tfi
\t\t\t\t;;
\t\t\tesac
\t\tdone'
+ eval /bin/ps -ww '2>/dev/null' -o 'pid=' -o 'jid=' -o 'command=' -ax '|' while read _npid _jid _arg0 '_argv;' do case '"$_arg0"' in '$_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")' if [ '"$JID"' -eq '"$_jid"' '];' then echo -n '"$_pref$_npid";' '_pref="' '";' fi ';;' esac done
+ /bin/ps -ww -o 'pid=' -o 'jid=' -o 'command=' -ax
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ read _npid _jid _arg0 _argv
+ rc_pid=''
+ [ start '!=' start ]
+ [ -n '' -a start '!=' rcvar -a start '!=' stop -a start '!=' describe ]
+ [ -n '' -a start '=' stop -a -z '' ]
+ [ start '=' start -a -z '' -a -n '' ]
+ eval '_cmd=$start_cmd' '_precmd=$start_precmd' '_postcmd=$start_postcmd'
+ _cmd=kerberos_start _precmd='' _postcmd=''
+ [ -n kerberos_start ]
+ _run_rc_precmd
+ check_required_before start
+ local _f
+ return 0
+ [ -n '' ]
+ check_required_after start
+ local _f _args
+ return 0
+ return 0
+ _run_rc_doit 'kerberos_start '
+ debug 'run_rc_command: doit: kerberos_start '
+ eval 'kerberos_start '
+ kerberos_start
+ local 'res=1'
+ dirsrv_enabled activedirectory
+ local 'dir=activedirectory'
+ [ -z activedirectory ]
+ activedirectory_enabled
+ /usr/local/bin/sqlite3fn /data/freenas-v1.db $'\tSELECT
\t\tad_enable
\tFROM
\t\tdirectoryservice_activedirectory
\tORDER BY
\t\t-id
\tLIMIT 1'
+ enabled=0
+ [ 0 '=' 1 ]
+ [ 0 '=' 0 ]
+ return 1
+ return 1
+ dirsrv_enabled ldap
+ local 'dir=ldap'
+ [ -z ldap ]
+ ldap_enabled
+ /usr/local/bin/sqlite3fn /data/freenas-v1.db $'\tSELECT
\t\tldap_enable
\tFROM
\t\tdirectoryservice_ldap
\tORDER BY
\t\t-id
\tLIMIT 1'
+ enabled=0
+ [ 0 '=' 1 ]
+ [ 0 '=' 0 ]
+ return 1
+ return 1
+ return 1
+ _return=1
+ [ 1 -ne 0 ]
+ [ -z '' ]
+ return 1
+ return 1
Looks like no go....
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,546
Looks like you need to enable ldap first.
Code:
sqlite3 /data/freenas-v1.db "UPDATE directoryservice_ldap SET ldap_enable=1"
service ix-hostname start
service ix-kerberos start
sh -x /etc/ix.rc.d/ix-kinit start
service ix-sssd start
service sssd start
 
Top