NT4 Auth

[mmerlone]

Hi,

I have a samba3 domain controller on my network. I'd like FreeNAS 9.1.1 to join this domain so users could map freenas shares using their actual account from samba3. I have set all 6 fileds regarding NT auth, but seems like nothing has been done. Restarted CIFS service but no luck. Tried to join domain from command line but:

[root@freenas ~]# export LOGNAME=root
[root@freenas ~]# net rpc join -S pdcserver
cannot join as standalone machine
[root@freenas ~]#

Any hint?

 

[hraynor]

I had problems similar to you in prior versions of FreeNAS, though this has been fixed since 9.1 for me.

However, I think what you need is to put the following under "Auxiliary Parameters" under CIFS:

Code:

security = domain
password server = <Name or IP of your PDC>

IMHO there should be GUI options to specifically ask for this information, especially if Directory Service is set to NT4.

Incidently, (in case you haven't already) you'll need to go into Settings->General and set "Directory Service" to NT4 of course...

BTW - with 9.1.x you should NOT have to use net rpc join from the shell if you do the above. In 8.3.x I had all sorts of trouble getting FreeNAS to join the domain and tried everything from the shell (with partial success).

Note: I'm using ClearOS Community 6.4 which is using Samba Version 3.6.10-1.v6 (wbinfo -V)

Hope this helps!
Brian

 

[mmerlone]

Some more background information: this box was upgraded from FreeNAS 8.x, which was (unsuccessfully) configured to use OpenLDAP as auth database. After upgrade I noticed there is now a NT4 option. Even later I read somewhere that one cannot have more than one auth database and once configured, there is no how to config another one. Tried to wipe all settings regarding auth on gui and fresh start but no avail.
Am now considering throwing away everything and reinstall FreeNAS, which is ridiculous. Any hint?

 

[dlavigne]

Please create a feature enhancement request at https://bugs.freenas.org/projects/freenas and post the issue number here.

 

[hraynor]

Some more background information: this box was upgraded from FreeNAS 8.x, which was (unsuccessfully) configured to use OpenLDAP as auth database. After upgrade I noticed there is now a NT4 option. Even later I read somewhere that one cannot have more than one auth database and once configured, there is no how to config another one. Tried to wipe all settings regarding auth on gui and fresh start but no avail.
Am now considering throwing away everything and reinstall FreeNAS, which is ridiculous. Any hint?

Sorry for the delay in responding. I've gone back and forth trying to get LDAP working to ClearOS (which I cannot, though I had this working in 8.3, though some issues with CIFS after that). Haven't had any problems going back and forth to NT4 from LDAP authentication. But this was all from 9.1.1 (not an upgrade from 8.x).

In order to upgrade, you should simply be able to write a new 9.1.1 SD card, boot from it, import you disks, and then reconfigure. This is really a "new" install method, but you don't loose the data on the disks. This ensures that you have a fresh start. While my original disks were created and formatted with ZFS under 8.3 (RAID-Z1, 5xWD Red 3TB), I popped in a new 9.1.0 SD card, imported the drives, and reconfigured everything, and from there immediately got NT4 working (with the information I posted above). I later then did do the GUI upgrade from 9.1.0 to 9.1.1 with no issues. But I did not offically do an 8.x -> 9.x upgrade.

I'm one that (unless its minor upgrades) actually prefers to do a fresh install (including on things like Windows, etc) versus an upgrade for two reasons: 1) upgrade applications can't always handle every condition properly, and 2) generally between things I have a lot of garbage that I don't want moved over, so a fresh install helps me to clear up that garbage config and focus on ensuring things are setup optimally. Definitely takes a bit longer though.

 

[hraynor]

Please create a feature enhancement request at https://bugs.freenas.org/projects/freenas and post the issue number here.

Done. Issue number is 3214.

Thanks!