What errors are you getting on the FreeNAS side? Without something more to go on, there's nowhere to go to start trying to diagnose the issue.
Sorry, should have said: I can't see any errors on the FreeNAS side. Maybe it's just me doing the wrong steps (following the FreeNAS 9.3 documentation) or setting wrong values in FreeNAS's dialog boxes.
What I've done:
- set up FreeNAS box (let's name it "nas"), updated to latest current stable (no more updates available by now)
- configured it as a Samba4 AD Domain Controller using Samba's internal DNS:
  - Realm: MYDOMAIN.NET
  - Domain: MYDOMAIN
  - Server Role: active directory domain controller
  - Domain Forest Level: 2008_R2
  - Kerberos Realm: ----
- created a user JohnDoe
- set up a CIFS share:
  - Browsable to Network Clients and Allow Guest Access are set, everything else not
  - VFS Objects selected: aio_pthread, streams_xattr (although this must have happened automatically, not done by me)
- set up AFP service:
  - have not changed anything, just switched on the service
- set up an AFP share:
  - only No Stats and AFP3 Unix Privs selected
- set folder permissions on the folders used for the shares
- joined my MacBook (OS X 10.10.2) to the Domain and logged on using JohnDoe (which has never been created manually on the Mac)
What happens:
- authentication succeeds, for I can log on with JohnDoe's Domain credentials
- verified that there is a TGT after logon
- verified that my Mac exists as an object in Samba4 AD on FreeNAS
- listed SPNs of nas$ (my FreeNAS machine) from its AD
- verified DNS entries for the FreeNAS box and my Mac in Samba's internal DNS
With only CIFS sharing enabled, AFP service disabled (and logged on as JohnDoe):
- accessing server nas from Finder's sidebar succeeds and shows list of CIFS shares; connected as switches to JohnDoe
- accessing CIFS share on nas from Finder's sidebar succeeds without any further credentials to enter
- can see a CIFS service ticket then via klist
- can see successful Kerberos authentication on FreeNAS in /var/log/samba4/log.samba
With CIFS and AFP sharing enabled:
- accessing server nas from Finder's sidebar shows nothing; connected as says not connected
- after clicking on connect as and entering my password (Username is already filled in), I can see the AFP share and access it
- I don't see any Kerberos service ticket
- /var/log/samba4/log.samba shows that NTLM has been used instead of Kerberos
Let's put NFS on hold for now, as going step-by-step is more advisable.
I strongly recommend showing how it should work, including all settings in all involved configuration screens of FreeNAS's GUI, for
- my setup is not very special
- I have no special requirements for now
- all in all it is a plain vanilla configuration
But if you recommend diagnosing my setup first, please guide me to where I can find the necessary logs and configuration files.
BTW: talking about config files - can someone tell me where the SPN for FreeNAS/Samba's CIFS service/shares comes from, as it is not listed as an SPN for the server's object in AD?
Kind regards