Freenas 8.3.1 + Server 2008 R2 + Active Directory + LDAP Signing

Status
Not open for further replies.

lord.nemesi

Cadet
Joined
May 13, 2013
Messages
6
Hi Guys,
I'm not able to start the AD service in FreeNAS 8.3.1 because I enabled LDAP signing on my Server 2008 R2 DC. Without LDAP signing everything works, but, if it is possible, I don't want to disable it. I already added this line to the [global] section of smb.conf, but nothing has changed:

Code:
client ldap sasl wrapping = sign


This is the log after trying to start ad service:

May 14 09:15:40 freenas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py stop cifs
May 14 09:15:42 freenas notifier: dbus not running? (check /var/run/dbus/dbus.pid).
May 14 09:15:42 freenas notifier: Will not 'restart' dbus because dbus_enable is NO.
May 14 09:15:42 freenas notifier: Stopping avahi-daemon.
May 14 09:15:42 freenas notifier: Failed to kill daemon: No such file or directory
May 14 09:15:42 freenas notifier: Will not 'restart' avahi_daemon because avahi_daemon_enable is NO.
May 14 09:15:43 freenas notifier: winbindd not running? (check /var/run/samba/winbindd.pid).
May 14 09:15:43 freenas notifier: Stopping smbd.
May 14 09:15:43 freenas notifier: Waiting for PIDS: 2029.
May 14 09:15:43 freenas notifier: Stopping nmbd.
May 14 09:15:43 freenas notifier: Waiting for PIDS: 2026.
May 14 09:15:43 freenas notifier: False
May 14 09:15:43 freenas ActiveDirectory: /usr/sbin/service ix-kerberos quietstart
May 14 09:15:43 freenas ActiveDirectory: AD_init: binddn = Administrator@NETECO.LAN
May 14 09:15:43 freenas ActiveDirectory: AD_locate_domain_controllers: domain=neteco.lan, site=
May 14 09:15:43 freenas ActiveDirectory: AD_locate_domain_controllers: record=_ldap._tcp.dc._msdcs.neteco.lan
May 14 09:15:43 freenas ActiveDirectory: __get_SRV_records: host=_ldap._tcp.dc._msdcs.neteco.lan
May 14 09:15:43 freenas ActiveDirectory: __get_SRV_records: dig -t srv +short +nocomments _ldap._tcp.dc._msdcs.neteco.lan
May 14 09:15:43 freenas ActiveDirectory: __get_SRV_host: trying fragserver.neteco.lan:389
May 14 09:15:43 freenas ActiveDirectory: __get_SRV_host: Okay
May 14 09:15:43 freenas ActiveDirectory: AD_init: dchost = fragserver.neteco.lan, dcport = 389
May 14 09:15:43 freenas ActiveDirectory: AD_query_rootDSE: filter = (objectclass=*), attributes =
May 14 09:15:43 freenas notifier: ldap_bind: Strong(er) authentication required (8)
May 14 09:15:43 freenas notifier: additional info: 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1
May 14 09:15:43 freenas ActiveDirectory: AD_init: basedn =
May 14 09:15:43 freenas ActiveDirectory: AD_query_rootDSE: filter = (objectclass=*), attributes =
May 14 09:15:43 freenas notifier: ldap_bind: Strong(er) authentication required (8)
May 14 09:15:43 freenas notifier: additional info: 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1
May 14 09:15:43 freenas ActiveDirectory: AD_query_rootDSE: filter = (objectclass=*), attributes = dnsRoot
May 14 09:15:43 freenas notifier: ldap_bind: Strong(er) authentication required (8)
May 14 09:15:43 freenas notifier: additional info: 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1
May 14 09:15:43 freenas ActiveDirectory: AD_get_partition: config = , basedn = CN=Partitions,, ncname =
May 14 09:15:43 freenas ActiveDirectory: AD_query: basedn = CN=Partitions,, filter = ncname=, attributes = ncname= dnsRoot
May 14 09:15:43 freenas ActiveDirectory: AD_locate_domain_global_catalog_servers: domain=, site=
May 14 09:15:43 freenas ActiveDirectory: AD_init: gchost = , gcport = 3268
May 14 09:15:43 freenas ActiveDirectory: AD_locate_kerberos_servers: domain=neteco.lan, proto=, site=
May 14 09:15:43 freenas ActiveDirectory: AD_locate_kerberos_servers: record=_kerberos._udp.neteco.lan
May 14 09:15:43 freenas ActiveDirectory: __get_SRV_records: host=_kerberos._udp.neteco.lan
May 14 09:15:43 freenas ActiveDirectory: __get_SRV_records: dig -t srv +short +nocomments _kerberos._udp.neteco.lan
May 14 09:15:43 freenas ActiveDirectory: __get_SRV_host: trying fragserver.neteco.lan:88
May 14 09:15:43 freenas ActiveDirectory: __get_SRV_host: Okay
May 14 09:15:43 freenas ActiveDirectory: AD_init: krbhost = fragserver.neteco.lan, krbport = 88
May 14 09:15:43 freenas ActiveDirectory: AD_locate_kpasswd_servers: domain=neteco.lan, proto=, site=
May 14 09:15:43 freenas ActiveDirectory: AD_locate_kpasswd_servers: record=_kpasswd._udp.neteco.lan
May 14 09:15:43 freenas ActiveDirectory: __get_SRV_records: host=_kpasswd._udp.neteco.lan
May 14 09:15:43 freenas ActiveDirectory: __get_SRV_records: dig -t srv +short +nocomments _kpasswd._udp.neteco.lan
May 14 09:15:43 freenas ActiveDirectory: __get_SRV_host: trying fragserver.neteco.lan:464
May 14 09:15:43 freenas ActiveDirectory: __get_SRV_host: Okay
May 14 09:15:44 freenas ActiveDirectory: AD_init: kpwdhost = fragserver.neteco.lan, kpwdport = 464
May 14 09:15:44 freenas ActiveDirectory: generate_krb5_conf: krbhost=fragserver.neteco.lan, kpwdhost=fragserver.neteco.lan, domainname=neteco.lan
May 14 09:15:44 freenas ActiveDirectory: /usr/sbin/service ix-nsswitch quietstart
May 14 09:15:44 freenas ActiveDirectory: /usr/sbin/service ix-pam quietstart
May 14 09:15:44 freenas ActiveDirectory: /usr/sbin/service ix-kinit quietstart
May 14 09:15:44 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
May 14 09:15:44 freenas ActiveDirectory: kerberos_start: kinit --password-file=/tmp/tmp.jZazIKlf Administrator@NETECO.LAN
May 14 09:15:44 freenas ActiveDirectory: kerberos_start: Successful
May 14 09:15:54 freenas ActiveDirectory: /usr/sbin/service ix-kinit status
May 14 09:15:55 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
May 14 09:15:55 freenas ActiveDirectory: kerberos_status: klist -l | grep -q ^Administrator@NETECO.LAN
May 14 09:15:55 freenas ActiveDirectory: kerberos_status: Successful
May 14 09:15:55 freenas ActiveDirectory: /usr/sbin/service ix-samba quietstart
May 14 09:15:55 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
May 14 09:15:55 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
May 14 09:15:55 freenas ActiveDirectory: generate_smb_config: checking testparm issues
May 14 09:15:55 freenas ActiveDirectory: generate_smb_config: testparm: Load smb config files from /usr/local/etc/smb.conf
May 14 09:15:55 freenas ActiveDirectory: generate_smb_config: testparm: max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
May 14 09:15:55 freenas ActiveDirectory: generate_smb_config: testparm: rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
May 14 09:15:55 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap uid" option is deprecated
May 14 09:15:55 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap gid" option is deprecated
May 14 09:15:55 freenas ActiveDirectory: generate_smb_config: testparm: Loaded services file OK.
May 14 09:15:55 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter.
May 14 09:15:55 freenas ActiveDirectory: generate_smb_config: testparm: (by default Samba will discover the correct DC to contact automatically).
May 14 09:15:55 freenas ActiveDirectory: generate_smb_config: testparm: Server role: ROLE_DOMAIN_MEMBER
May 14 09:15:55 freenas ActiveDirectory: generate_smb_config: testparm: Press enter to see a dump of your service definitions
May 14 09:15:55 freenas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
May 14 09:15:57 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
May 14 09:15:57 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
May 14 09:15:57 freenas ActiveDirectory: generate_smb_config: checking testparm issues
May 14 09:15:57 freenas ActiveDirectory: generate_smb_config: testparm: Load smb config files from /usr/local/etc/smb.conf
May 14 09:15:57 freenas ActiveDirectory: generate_smb_config: testparm: max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
May 14 09:15:57 freenas ActiveDirectory: generate_smb_config: testparm: rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
May 14 09:15:57 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap uid" option is deprecated
May 14 09:15:57 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap gid" option is deprecated
May 14 09:15:57 freenas ActiveDirectory: generate_smb_config: testparm: Loaded services file OK.
May 14 09:15:57 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter.
May 14 09:15:57 freenas ActiveDirectory: generate_smb_config: testparm: (by default Samba will discover the correct DC to contact automatically).
May 14 09:15:57 freenas ActiveDirectory: generate_smb_config: testparm: Server role: ROLE_DOMAIN_MEMBER
May 14 09:15:57 freenas ActiveDirectory: generate_smb_config: testparm: Press enter to see a dump of your service definitions
May 14 09:15:58 freenas notifier: Removing stale Samba tdb files: ....... done
May 14 09:15:58 freenas notifier: Starting nmbd.
May 14 09:15:58 freenas notifier: Starting smbd.
May 14 09:15:58 freenas notifier: Starting winbindd.
May 14 09:15:58 freenas notifier: True
May 14 09:15:58 freenas ActiveDirectory: /usr/sbin/service ix-activedirectory quietstart
May 14 09:15:58 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
May 14 09:15:58 freenas ActiveDirectory: activedirectory_start: trying to join domain
May 14 09:15:58 freenas ActiveDirectory: AD_join_domain: net ads join -U Administrator
May 14 09:16:01 freenas notifier: Using short domain name -- NETECO
May 14 09:16:01 freenas notifier: Joined 'FREENAS' to dns domain 'neteco.lan'
May 14 09:16:01 freenas ActiveDirectory: AD_join_domain: Successful
May 14 09:16:01 freenas ActiveDirectory: /usr/sbin/service ix-activedirectory status
May 14 09:16:02 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
May 14 09:16:02 freenas ActiveDirectory: activedirectory_status: checking status
May 14 09:16:02 freenas ActiveDirectory: AD_status_domain: net ads status -U Administrator
May 14 09:16:03 freenas ActiveDirectory: AD_status_domain: Okay
May 14 09:16:03 freenas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py stop cifs
May 14 09:16:05 freenas notifier: dbus not running? (check /var/run/dbus/dbus.pid).
May 14 09:16:05 freenas notifier: Will not 'restart' dbus because dbus_enable is NO.
May 14 09:16:05 freenas notifier: Stopping avahi-daemon.
May 14 09:16:05 freenas notifier: Failed to kill daemon: No such file or directory
May 14 09:16:05 freenas notifier: Will not 'restart' avahi_daemon because avahi_daemon_enable is NO.
May 14 09:16:05 freenas notifier: winbindd not running? (check /var/run/samba/winbindd.pid).
May 14 09:16:05 freenas notifier: Stopping smbd.
May 14 09:16:05 freenas notifier: Waiting for PIDS: 6137.
May 14 09:16:05 freenas notifier: Stopping nmbd.
May 14 09:16:05 freenas notifier: Waiting for PIDS: 6133.
May 14 09:16:05 freenas notifier: False
May 14 09:16:05 freenas ActiveDirectory: /usr/local/bin/python /usr/local/www/freenasUI/middleware/notifier.py start cifs
May 14 09:16:07 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
May 14 09:16:07 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
May 14 09:16:07 freenas ActiveDirectory: generate_smb_config: checking testparm issues
May 14 09:16:07 freenas ActiveDirectory: generate_smb_config: testparm: Load smb config files from /usr/local/etc/smb.conf
May 14 09:16:07 freenas ActiveDirectory: generate_smb_config: testparm: max_open_files: increasing sysctl_max (11095) to minimum Windows limit (16384)
May 14 09:16:07 freenas ActiveDirectory: generate_smb_config: testparm: rlimit_max: increasing rlimit_max (11095) to minimum Windows limit (16384)
May 14 09:16:07 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap uid" option is deprecated
May 14 09:16:07 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The "idmap gid" option is deprecated
May 14 09:16:07 freenas ActiveDirectory: generate_smb_config: testparm: Loaded services file OK.
May 14 09:16:07 freenas ActiveDirectory: generate_smb_config: testparm: WARNING: The setting 'security=ads' should NOT be combined with the 'password server' parameter.
May 14 09:16:07 freenas ActiveDirectory: generate_smb_config: testparm: (by default Samba will discover the correct DC to contact automatically).
May 14 09:16:07 freenas ActiveDirectory: generate_smb_config: testparm: Server role: ROLE_DOMAIN_MEMBER
May 14 09:16:07 freenas ActiveDirectory: generate_smb_config: testparm: Press enter to see a dump of your service definitions
May 14 09:16:07 freenas notifier: Removing stale Samba tdb files: ...... done
May 14 09:16:07 freenas notifier: Starting nmbd.
May 14 09:16:07 freenas notifier: Starting smbd.
May 14 09:16:07 freenas notifier: Starting winbindd.
May 14 09:16:07 freenas notifier: True
May 14 09:16:07 freenas ActiveDirectory: /usr/sbin/service ix-cache quietstart &
May 14 09:16:08 freenas notifier: No handlers could be found for logger "common.freenasusers"
May 14 09:16:09 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
May 14 09:16:09 freenas ActiveDirectory: kerberos_status: klist -l | grep -q ^Administrator@NETECO.LAN
May 14 09:16:09 freenas ActiveDirectory: kerberos_status: Successful
May 14 09:16:09 freenas ActiveDirectory: AD_init: config exists, loading values from /etc/ActiveDirectory/config
May 14 09:16:09 freenas ActiveDirectory: activedirectory_status: checking status
May 14 09:16:09 freenas ActiveDirectory: AD_status_domain: net ads status -U Administrator
May 14 09:16:12 freenas ActiveDirectory: AD_status_domain: Okay

Any idea? Thanks in advance.
 

lord.nemesi

Cadet
Joined
May 13, 2013
Messages
6
Hi Guys,
I noticed these errors:

May 14 09:15:43 freenas notifier: ldap_bind: Strong(er) authentication required (8)
May 14 09:15:43 freenas notifier: additional info: 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v1db1

The DC is configured by policy to accept only SSL/TLS connections.

Is there a way to enable SSL/TLS on FreeNAS?

Thanks
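
A log triage for the output posted above, added here as an example (not part of the original posts and not FreeNAS code): it pairs each rejected `ldap_bind` with the `ActiveDirectory` step logged just before it and lists the steps that reported success. The sample lines are constructed in the shape of the posted log; `triage` and the regex names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, in the shape of the syslog lines posted in this thread.
SAMPLE = """\
May 14 09:15:43 freenas ActiveDirectory: AD_query_rootDSE: filter = (objectclass=*), attributes =
May 14 09:15:43 freenas notifier: ldap_bind: Strong(er) authentication required (8)
May 14 09:15:43 freenas notifier: additional info: 00002028: LdapErr: DSID-0C0901FC, comment: The server requires binds to turn on integrity checking if SSL\\TLS are not already active on the connection, data 0, v1db1
May 14 09:15:44 freenas ActiveDirectory: kerberos_start: Successful
May 14 09:15:58 freenas ActiveDirectory: AD_join_domain: net ads join -U Administrator
May 14 09:16:01 freenas ActiveDirectory: AD_join_domain: Successful
"""

# "<Mon> <day> <hh:mm:ss> <host> <tag>: <message>"
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<tag>[^:]+):\s(?P<msg>.*)$")
# ActiveDirectory messages that start with a step name, e.g. "AD_query_rootDSE: ..."
STEP = re.compile(r"^(?P<func>\w+):\s")
BIND_REJECTED = "ldap_bind: Strong(er) authentication required (8)"
SIGNING_HINT = "requires binds to turn on integrity checking"


def triage(log_text):
    """Return (rejected, succeeded).

    rejected:  Counter of steps followed by a bind the DC refused for lack of
               integrity checking (error 8 plus the 00002028 detail line).
    succeeded: steps that logged "Successful" or "Okay", in order.
    """
    rejected, succeeded = Counter(), []
    last_step, pending = None, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a syslog line in the expected shape
        tag, msg = m.group("tag"), m.group("msg")
        if tag == "ActiveDirectory":
            s = STEP.match(msg)
            if s:
                last_step = s.group("func")
                if msg.endswith(("Successful", "Okay")):
                    succeeded.append(last_step)
        elif tag == "notifier":
            if msg == BIND_REJECTED:
                pending = last_step          # remember which step triggered it
            elif SIGNING_HINT in msg and pending:
                rejected[pending] += 1       # confirmed by the detail line
                pending = None
    return rejected, succeeded
```

Run over the full log in the first post, the rejected binds all follow `AD_query_rootDSE` lines, while `kerberos_start` and `AD_join_domain` report `Successful`.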
 