Tim84
Cadet
- Joined
- Mar 26, 2015
- Messages
- 7
Hello,
The problem:
When trying to access \\freenasserver that is located on domain1.local, from domain2.com, as the user domain2\administrator, I am given a prompt for username and password. When I use domain1\administrator all is well, and it lets me in. But I want to be able to get in as domain2\administrator.
If that above is hard to follow let me know and I'll clarify.
I have FreeNAS connected to Active Directory and working great with CIFS shares. But I can't access them as an admin on domain2... but I can access it on domain2 if I log in as the domian1\admin.
I have the FreeNAS shares all set up permission-wise as OWNER = domain1\Administrator, GROUP = domain1\Enterprise Admins. The Enterprise Admins group contains the domain admins group and administrator accounts of BOTH domains. So this should be working without issue, and it works without issue on windows file servers.
When I am on a server on Domain 2, and I try to access \\freenasserver.domain1.local, the message console outputs the following, and at the same time I get a username/password prompt:
Mar 26 17:31:43 SERVER smbd[79453]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)
Mar 26 17:31:43 SERVER kernel: <118>Mar 26 17:31:43 SERVER smbd[79453]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)
Mar 26 17:31:43 SERVER smbd[79455]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)
Mar 26 17:31:43 SERVER kernel: <118>Mar 26 17:31:43 SERVER smbd[79455]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)
If I enter the administrator credentials for domain 1, I can connect just fine. But I want to be able to connect as the domain2\administrator. It simply does not let me... even though the domain2\administrator is in the Enterprise Admins group. It's like FreeNAS sees and recognizes the Enterprise Admins group just fine, and everything in it, but ignores anything in it that is of a different domain than what the FreeNAS server is on.
Is there a fix or work-around for this that will allow me to access my freenas server from another trusted domain, if im in the group that has permissions?
Thank you.
The problem:
When trying to access \\freenasserver that is located on domain1.local, from domain2.com, as the user domain2\administrator, I am given a prompt for username and password. When I use domain1\administrator all is well, and it lets me in. But I want to be able to get in as domain2\administrator.
If that above is hard to follow let me know and I'll clarify.
I have FreeNAS connected to Active Directory and working great with CIFS shares. But I can't access them as an admin on domain2... but I can access it on domain2 if I log in as the domian1\admin.
I have the FreeNAS shares all set up permission-wise as OWNER = domain1\Administrator, GROUP = domain1\Enterprise Admins. The Enterprise Admins group contains the domain admins group and administrator accounts of BOTH domains. So this should be working without issue, and it works without issue on windows file servers.
When I am on a server on Domain 2, and I try to access \\freenasserver.domain1.local, the message console outputs the following, and at the same time I get a username/password prompt:
Mar 26 17:31:43 SERVER smbd[79453]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)
Mar 26 17:31:43 SERVER kernel: <118>Mar 26 17:31:43 SERVER smbd[79453]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)
Mar 26 17:31:43 SERVER smbd[79455]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)
Mar 26 17:31:43 SERVER kernel: <118>Mar 26 17:31:43 SERVER smbd[79455]: STATUS=daemon 'smbd' finished starting up and ready to serve connectionsFailed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)
If I enter the administrator credentials for domain 1, I can connect just fine. But I want to be able to connect as the domain2\administrator. It simply does not let me... even though the domain2\administrator is in the Enterprise Admins group. It's like FreeNAS sees and recognizes the Enterprise Admins group just fine, and everything in it, but ignores anything in it that is of a different domain than what the FreeNAS server is on.
Is there a fix or work-around for this that will allow me to access my freenas server from another trusted domain, if im in the group that has permissions?
Thank you.