How to configure a domain controller (active directory)

Chris Moore

Hall of Famer
Joined
May 2, 2015
Messages
10,080
> I have installed the latest FreeNAS distribution
That isn't the latest. The latest FreeNAS is 11.3-u5, but the name was changed with the absolutely most recent release.

What used to be FreeNAS is now called TrueNAS Core.
> How can I run a domain controller (Active Directory) on FreeNAS?

It is not recommended to do that, to have the NAS be both storage server and AD server.

Here is a link to a discussion of it: https://www.truenas.com/community/threads/freenas-as-an-ad-dc.74757/

@anodos may have some updated guidance based on the new release.
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
9,554
General guidance is to never join your FreeNAS or TrueNAS server to an AD domain that is exclusively hosted on said server. This creates circular dependencies and can behave unpredictably. A DC is something that you need to be absolutely rock-solid.
 

jacat

Cadet
Joined
Oct 25, 2020
Messages
2
> That isn't the latest. The latest FreeNAS is 11.3-u5, but the name was changed with the absolutely most recent release.
>
> What used to be FreeNAS is now called TrueNAS Core.
>
> It is not recommended to do that, to have the NAS be both storage server and AD server.
>
> Here is a link to a discussion of it: https://www.truenas.com/community/threads/freenas-as-an-ad-dc.74757/
>
> @anodos may have some updated guidance based on the new release.


Do I understand correctly that from FreeNAS 11.3 the domain controller service has been removed?
It is also not available in the TrueNAS Core 12 version.
 

Chris Moore

> Do I understand correctly that from FreeNAS 11.3 the domain controller service has been removed?
> It is also not available in the TrueNAS Core 12 version.

There is a reason for that. As I understand it, the problems caused by making FreeNAS a DC were many and varied, so the decision was made to remove the feature. While it is still in the older version of the software, that should not be seen as an indication that it should be used.
 

anodos

9,554
Yes, the domain controller feature has been removed. Moreover, the version in 11.2 is now unmaintained since it is EOL. In 11.2 you can run the command "smbd -V" to see your Samba version and then view current CVEs against the version in 11.2 by consulting this page: https://www.samba.org/samba/history/security.html

Note 11.3+ are not vulnerable to AD-DC related security vulnerabilities. This is one part of the many reasons why the feature was removed (we can avoid having to provide a significant amount of out-of-band security updates).
 

anodos

9,554
Remove the "PRIVATE_DATASETS" preset from your shares or share out single share "/mnt/Storage/home/" as private dataset. Looks like SMB sessions are spinning on trying to connect to the shares (but failing because of permissions checks).
 