SOLVED Problems with CIFS after upgrade to 9.3

Status
Not open for further replies.

macmac1

Dabbler
Joined
Apr 9, 2014
Messages
17
Hello,
I upgraded my FreeNAS 9.2.1.5 box to 9.3.
I had it using OpenLDAP to authenticate CIFS shares. To make it work, I had to install Samba extensions on the LDAP server.
Now, with 9.3, I had a big warning in the GUI:

Notice: samba extensions not detected. CIFS authentication to LDAP disabled.

Which looks like a false statement to me...
Anyway: the result is that I cannot authenticate users in LDAP any more.
freenas-debug -l correctly shows LDAP users and groups fetched from the OpenLDAP server.

What is wrong here?
 

entropy

Cadet
Joined
Dec 17, 2014
Messages
2
Similar problem here: after upgrading a working FreeNAS 9.2.1.9 to 9.3, CIFS authentication stopped working. The only difference is that users/groups are fetched from two AD DCs (2008-R2). All usual tests with wbinfo/net return OK, but shares are inaccessible to domain users and FreeNAS logs write NT_STATUS_LOGON_FAILURE.
 

SweetAndLow

Sweet'NASty
Joined
Nov 6, 2013
Messages
6,421
Are you using SSL/TLS on the LDAP server? FreeNAS now requires this.
 

entropy

With

Idmap backend: rid
Winbind NSS Info: rfc2307
SASL wrapping: seal


domain authentication works again.

After upgrade, it was

Idmap backend: ad
Winbind NSS Info: ---------
SASL wrapping: plain
 

macmac1

I use plain LDAP now.

OK, I can understand that requiring LDAPS makes sense (assuming this is the case), but it could be better notified in the FreeNAS GUI: I can set up a plain LDAP connection without any complaints. And it looks like the connection IS established (freenas-debug -l shows users and groups). But authentication does not work.

Thanks for the hint, I will try it.
 

macmac1

OK - I've managed it.
My first error was that I did not check "Samba Schema" in the LDAP configuration (a new option in this release).
Second - that I had the WORKGROUP name incorrectly configured in CIFS: this caused no problems with older FreeNAS, but with 9.3 I started to get an error in the samba log that 'the primary group domain sid does not match domain sid for user'.
After fixing this, it WORKS now :)

BTW: it works without encrypting LDAP connection, so it seems like "FreeNAS now requires this" is not true, at least for CIFS. Perhaps this is what causes my problem with SSH: https://forums.freenas.org/index.php?threads/ssh-problem-after-upgrade-to-9-3.25817/#post-162786.
 