JumpCloud LDAP Authentication Issue

Joined
Aug 18, 2019
Messages
4
Hey all,

I'm having an issue with trying to get JumpCloud LDAP to propagate users and groups for account access and SMB home directory generation.

I've read and utilized the instructions from JumpCloud (JC) to allow the account to login.
I'm fairly certain FreeNAS (FN) is able to access my JC account, as the SMB service is able to start and function. I was also successful in querying the LDAP database with the ldapsearch command.

Unfortunately, neither the users nor the groups seem to be propagating. I've checked with the getent passwd and getent group commands. I've also tried rebooting the system.

This is what the sssd.conf file looks like (certain parts have been obfuscated):

Code:
[sssd]
config_file_version = 2
full_name_format = %2$s\%1$s
re_expression = (((?P<domain>[^\\]+)\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))
services = nss,pam
domains = LDAP


[nss]

[pam]

[domain/LDAP]
description = LDAP
enumerate = true
cache_credentials = true
id_provider = ldap
auth_provider = ldap
chpass_provider = ldap
ldap_schema = rfc2307
ldap_force_upper_case_realm = true
use_fully_qualified_names = false
ldap_uri = ldap://ldap.jumpcloud.com
ldap_search_base = o=<org_id>,dc=jumpcloud,dc=com
ldap_user_search_base = o=<org_id>,dc=jumpcloud,dc=com?subtree?(objectclass=posixAccount)
ldap_group_search_base = o=<org_id>,dc=jumpcloud,dc=com?subtree?(objectclass=posixGroup)
# tls_reqcert is an ldap.conf key, not an sssd one; sssd ignores it and keeps
# its default ldap_tls_reqcert = hard, so an unverifiable chain fails the bind.
# ldap_tls_reqcert = allow would instead skip server certificate verification.
tls_reqcert = allow
ldap_tls_cacert = /etc/certificates/CA/jumpcloud-ca.crt
ldap_id_use_start_tls = true
ldap_default_bind_dn = uid=<bind_account>,ou=Users,o=<org_id>,dc=jumpcloud,dc=com
ldap_default_authtok_type = password
# bind password is stored in clear here; sssd.conf must stay root-owned, mode 0600
ldap_default_authtok = ****************
override_homedir = /mnt/Storage/home_directories/%d/%u

-----------------------
System specs are as follows:

OS Version:
FreeNAS-11.2-U5
(Build Date: Jun 24, 2019 18:41)

Processor:
Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz (16 cores)

Memory:
64 GiB

HostName:
freenas.local


-----------------------
I have no idea what I'm doing wrong, and would love some additional help.

Thanks in advance!
 
The getent wasn't working, but I figured out why LDAP wasn't propagating! I had the wrong GoDaddy CA copied. Would be nice if the tool returned errors about that.

Unfortunately, I'm still trying to figure out why they don't propagate home directories onto the SMB share, or why the accounts don't show in the GUI. I'm sure it's something I'm still doing wrong, but I'm definitely further ahead now.
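A pre-flight check for the two problems in this thread, as an added example that is not from the post, JumpCloud or FreeNAS: it lints the TLS keys of the posted [domain/LDAP] section (sssd does not know `tls_reqcert`, so it keeps its default `ldap_tls_reqcert = hard`) and performs an LDAP StartTLS handshake that verifies the server chain against the configured CA file, so a wrong CA fails loudly instead of showing up as an empty getent. The host name, port and CA path passed to `verify_starttls` are assumptions.

```python
import configparser
import socket
import ssl

# RFC 4511 StartTLS extended operation OID
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"


def build_starttls_request(message_id: int = 1) -> bytes:
    # BER: LDAPMessage SEQUENCE { messageID INTEGER,
    #      extendedReq [APPLICATION 23] { requestName [0] LDAPOID } }
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID
    ext_req = b"\x77" + bytes([len(name)]) + name
    body = b"\x02\x01" + bytes([message_id]) + ext_req
    return b"\x30" + bytes([len(body)]) + body


def lint_tls_settings(conf_text: str, domain: str = "LDAP") -> list:
    """Findings (strings) about the TLS keys of one sssd [domain/...] section."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    sec = cp[f"domain/{domain}"]
    findings = []
    if "tls_reqcert" in sec:  # ldap.conf spelling; sssd silently ignores it
        findings.append("tls_reqcert is not an sssd option; use ldap_tls_reqcert")
    reqcert = sec.get("ldap_tls_reqcert", "hard")  # sssd's default
    if reqcert not in ("demand", "hard"):
        findings.append(f"ldap_tls_reqcert={reqcert} does not verify the server certificate")
    if not (sec.get("ldap_tls_cacert") or sec.get("ldap_tls_cacertdir")):
        findings.append("no ldap_tls_cacert/ldap_tls_cacertdir set; system CA store is used")
    if sec.get("ldap_uri", "").startswith("ldap://") and \
            sec.get("ldap_id_use_start_tls", "false").lower() != "true":
        findings.append("ldap:// without ldap_id_use_start_tls: bind password sent in clear")
    return findings


def verify_starttls(host: str, cafile: str, port: int = 389, timeout: float = 5.0) -> str:
    """StartTLS to host (assumed reachable), verify the chain against cafile and the
    hostname, and return the server certificate's CN. A wrong CA file raises
    ssl.SSLCertVerificationError here instead of a silent empty getent."""
    ctx = ssl.create_default_context(cafile=cafile)  # verification + hostname check on
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        resp = sock.recv(1024)
        # extendedResp is [APPLICATION 24] (0x78); resultCode ENUMERATED 0 = success
        if b"\x78" not in resp or b"\x0a\x01\x00" not in resp:
            raise RuntimeError(f"StartTLS refused: {resp.hex()}")
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            subject = dict(rdn[0] for rdn in tls.getpeercert()["subject"])
            return subject.get("commonName", "")
```

Run `lint_tls_settings(open("/etc/sssd/sssd.conf").read())` before restarting sssd, and `verify_starttls("ldap.jumpcloud.com", "/etc/certificates/CA/jumpcloud-ca.crt")` to confirm the CA file actually anchors the server's chain.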
 
Not completely. However, the main issue I have now is the lack of propagation being visible under the Users & Groups in the Web UI, as well as not being able to get the accounts to be usable with Samba.

Unfortunately, I haven't had a lot of time to put into solving this issue, yet.
 
So, I'm doing a little bit of additional troubleshooting. The service was suddenly working, then suddenly not. I spent a couple hours being confused, now it's working again.

I did change the WORKGROUP, since I saw an error with SMB about being unable to set the WORKGROUP name.

Beyond that, I have no idea what I did, other than tail the log file and restart the DHCP server.

What I know works now:
JumpCloud users propagate.
SMB shares set up with JumpCloud users correctly sync credentials.
 