Hello all
As a preface, I did not develop this system of FreeNAS with FreeIPA LDAP authentication in our environment. Unfortunately that individual is no longer at our disposal. I'll do my best to answer questions or pull logging or other details that might be helpful.
The setup:
FreeNAS Mini XL enclosure running FreeNAS-11.0-U4 (54848d13b)
FreeIPA, version: 4.5.0
To be clear, this system did work correctly for some time. New users could be created in FreeIPA, have proper security groups applied to them, and access to Samba network shares would be immediately available.
The Issue:
At some point in time, a problem with the system occurred. It was not immediately noticeable, and was only discovered when a new hire was brought on and I had to create them an account that required network share access. The entire process of creating the account in FreeIPA and applying security groups was completely normal. Additionally, we have two other systems that authenticate through FreeIPA (VPN and password vault). Both of these things are completely unaffected and authentication continues to work fine for all new users.
The issue seems to be limited strictly to authenticating to FreeNAS Samba shares. After properly creating a new user, ensuring their appropriate security groups are set and their password is in good standing, I attempt to mount or even directly access the network share and am met with the following error:
"\\network\adress is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
The security database is corrupted."
It is also very important to know that this problem only affects new users created after the date when this problem first started. I can add new security groups to users who were created prior to this breaking and they will be able to access those Samba shares without issue.
I apologize that I am not more knowledgeable on these two systems. I only have a basic understanding of this setup and at this point it's been dumped in my lap and I need some advice. I'm really not even sure if this is a FreeNAS issue or a FreeIPA issue. The error leads me to believe it's an issue with authentication (FreeIPA), but the fact that the other two systems (VPN and password vault) are still working fine for new users makes me think it's a FreeNAS issue.
Any input, troubleshooting advice, etc, would be greatly appreciated.
Thank you very much for any support you can lend.
Phil
Resolved update: This was resolved by ensuring all users have a base GID assigned. You can see the troubleshooting steps that led to this below.