joesnow1234
Hi, I am building a Samba server to act as an AD DC, and plan to integrate it with FreeNAS (latest version
FreeNAS-11.0-U2 (e417d8aa5)) so that users can be restricted to accessing their own folders on SMB shares, etc.
I first created a CA named CA in FreeNAS (System => CAs) with common name freenas.xxx.com, and then signed a certificate with this CA with common name pdc.xxx.com, following these instructions:
https://forums.freenas.org/index.php?threads/cant-join-to-samba-ad-dc.43513/
The config snippet of smb.conf is:
Code:
idmap_ldb:use rfc2307 = yes
tls enabled = yes
tls keyfile = /usr/var/lib/samba/private/tls/key.pem
# This is certificate signed by CA
tls certfile = /usr/var/lib/samba/private/tls/cert.pem
# This is the corresponding key of key.pem, see above.
tls cafile = /usr/var/lib/samba/private/tls/ca.pem
# This is CA pem, in CA of FreeNAS.
The attachment shows the directory service.
When I click the "save" button, an error is raised:
Code:
- {'desc': 'Connect error', 'info': 'error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed (unable to get local issuer certificate)'}
Judging from the error, it seems that FreeNAS does not recognize the CA's certificate (ca.pem). If it were CentOS/Debian, I would add ca.pem to the system cert store and update-ca-cert. But for FreeNAS, I don't know how.
So what's wrong with my setup? I also wonder where the related log is located. /var/log/messages shows nothing useful.
Thanks.
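
An added example, not part of the original post: a shell check that cert.pem chains to ca.pem (the condition the quoted `unable to get local issuer certificate` error reports as failing on the verifying side) and that key.pem belongs to cert.pem. The CA and server certificate are constructed with openssl using the CNs from the post; `unrelated-ca.example`, the function names and the temporary directory are assumptions.

```shell
#!/bin/sh
# Added example. All keys and certificates here are constructed test material;
# file names mirror the smb.conf snippet, CNs are the ones quoted in the post.

# verify_chain CAFILE CERT: succeeds only if CERT chains to a CA in CAFILE.
# On failure, openssl's reason (e.g. "unable to get local issuer
# certificate") is left on stderr.
verify_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null
}

# key_matches_cert KEY CERT: succeeds only if KEY is the private key for CERT,
# which catches swapped "tls keyfile" / "tls certfile" entries.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# make_demo_pki DIR: build a CA, an unrelated CA, and a server cert in DIR.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=freenas.xxx.com" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=unrelated-ca.example" -keyout "$d/other.key" -out "$d/other-ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=pdc.xxx.com" \
        -keyout "$d/key.pem" -out "$d/cert.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/cert.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/cert.pem" 2>/dev/null
}

demo=$(mktemp -d)
make_demo_pki "$demo" || { echo "openssl failed to build demo PKI" >&2; exit 1; }
verify_chain "$demo/ca.pem" "$demo/cert.pem" && echo "cert.pem chains to ca.pem"
verify_chain "$demo/other-ca.pem" "$demo/cert.pem" 2>&1 ||
    echo "-> a verifier that only trusts other-ca.pem rejects cert.pem"
key_matches_cert "$demo/key.pem" "$demo/cert.pem" && echo "key.pem matches cert.pem"
rm -rf "$demo"
```

Against real files, the same two functions take the paths from the smb.conf snippet, for example `verify_chain /usr/var/lib/samba/private/tls/ca.pem /usr/var/lib/samba/private/tls/cert.pem`.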