Tom Murphy
Cadet
- Joined
- Jun 18, 2016
- Messages
- 6
Hi all, just thought I would post because I have spent many days pulling my hair out trying to AD join FreeNAS to Windows 2012 R2 running at 2012 R2 Domain Function Level. I followed lots of guides and all failed.
Here is what I had to do, I hope it helps others.
On the Windows 2012R2 Domain Controller, I forced the server to accept SMB 1 connections (you should do this on any file servers also in the domain). To do this you have to edit the registry at:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DependOnService
Set the following:
SamSS
Srv
Srv2
Next, restart the Server service. After the restart, if you click Dependencies on the Server service you will see that SMB 1 is active.
Next, in ADUC, create a computer account for the FreeNAS server.
then...
- Add a static DNS entry in the forward lookup zone in Windows DNS and create a pointer record (I hope you have reverse DNS set up)
- Ensure that in Sites and Services you have the right subnets for your domain in the right sites, and make a note of the site name that the FreeNAS server will reside in. That's the Windows side of things done.
- At the console or at the GUI, set a static IP address, Subnet mask and default route and DNS/NAME servers
- In the GUI, under SYSTEM, INFORMATION - set the hostname and use a FQDN
- Under SYSTEM, GENERAL select the NTP servers and remove the 3 servers and add your Domain controller(s) IPs if they are the NTP servers on your domain (they are in mine)
- Under SYSTEM, GENERAL, ensure your time zone matches your region of the world.
- Create your Storage Pool, then your DataSet and Select Windows file share permissions.
- Select NETWORK, Ensure the hostname matches the server name you created in ADUC and DNS in Windows, ensure the domain is FQDN
- Next Click services and go to CIFS and edit, Ensure the NETBIOS name matches the DNS name and computer name you created in Windows ADUC and DNS.
- Ensure the WORKGROUP matches the pre-Windows 2000 name for your Domain and is capitalized.
- Set Server maximum protocol to SMB2
- Turn off UNIX extensions
After the reboot, log back into the GUI
- Click on Directory then Active Directory.
- Click on Advanced mode.
- Ensure Domain Name (DNS/Realm-Name): is set and capitalized and FQDN
- Domain account name I used my administrator account
- Turn off UNIX extensions
- Ensure Site Name: matches the site name the FreeNAS server sits in in AD Sites and Services.
- Domain Controller: Enter the FQDN of the domain controller, capitalized
- Global Catalog: Enter the FQDN of the domain controller, capitalized
- Idmap backend: rid
- SASL wrapping: sign
- NetBIOS name: ensure it matches the DNS name and is capitalized
- Put in your Domain account password
- Save, and you will see "Active Directory successfully updated" at the top of the screen.
- Click Basic mode now, check the enabled button and then save. This will now join it to the domain after 30 to 60 seconds. Again you will see the green success notification; if it says failed to restart services, then recheck the above.
wbinfo -u
or
wbinfo -g
and you should get a list of AD users and Groups and can now assign them to shares on FreeNAS!
Hope this helps!
Tom
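The naming rules in the post above (FQDN hostname, matching capitalized NetBIOS name, capitalized WORKGROUP and realm) can be checked before enabling the Active Directory service. The script below is an added example, not part of the original post or of FreeNAS; the function name `ad_preflight` and all sample values are assumptions, and the 15-character NetBIOS limit is an extra check the post does not mention.

```shell
#!/bin/sh
# Pre-flight check for the naming rules listed in the post (added example).
# Sample values at the bottom are constructed; replace them with your own.

upper() { printf '%s' "$1" | tr '[:lower:]' '[:upper:]'; }

# ad_preflight HOST_FQDN NETBIOS WORKGROUP REALM
# Prints one line per problem; returns 0 when every check passes, 1 otherwise.
ad_preflight() {
    host=$1 netbios=$2 workgroup=$3 realm=$4
    rc=0
    fail() { echo "FAIL: $*"; rc=1; }

    # Hostname must be fully qualified (SYSTEM, INFORMATION).
    case $host in
        *.*) short=${host%%.*} ;;
        *)   short=$host; fail "hostname '$host' is not an FQDN" ;;
    esac

    # NetBIOS name must match the DNS/computer name and be capitalized.
    [ "$(upper "$netbios")" = "$(upper "$short")" ] ||
        fail "NetBIOS name '$netbios' does not match host label '$short'"
    [ "$netbios" = "$(upper "$netbios")" ] ||
        fail "NetBIOS name '$netbios' is not capitalized"
    # Not in the post: NetBIOS names are limited to 15 characters.
    [ "${#netbios}" -le 15 ] ||
        fail "NetBIOS name '$netbios' is longer than 15 characters"

    # WORKGROUP is the pre-Windows 2000 domain name, capitalized.
    [ "$workgroup" = "$(upper "$workgroup")" ] ||
        fail "workgroup '$workgroup' is not capitalized"

    # Realm must be capitalized and fully qualified.
    [ "$realm" = "$(upper "$realm")" ] ||
        fail "realm '$realm' is not capitalized"
    case $realm in *.*) ;; *) fail "realm '$realm' is not an FQDN" ;; esac

    return $rc
}

# Constructed sample: the lowercase realm is reported, everything else passes.
ad_preflight nas01.corp.example.com NAS01 CORP corp.example.com ||
    echo "Fix the items above before enabling Active Directory."
```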