unable to authenticate with AFP share and LDAP<>OD on OSX


Ashley Drees (Dabbler; joined Oct 6, 2015; 20 messages):
OSX 10.10.5 + Server.app 5.04 + Open Directory + FreeNAS 9.3.1 on a Dell PowerEdge with 24 GB of memory.

I am having issues using the LDAP connector on 9.3.1 against an OSX server running Yosemite with Server.app 5.04. I have a Comodo cert on the OSX server which secures all its public and private services, which are all working as I think they should.

I have followed https://bugs.freenas.org/issues/8875 and installed the root CA/cert for the cert that is active on my OSX server.

I am unable to make a TLS connection to the LDAP from my FreeNAS test, as the sssd service does not start/activate if I add a CA cert (irrespective of the Comodo root CA or when I create a local CA and use that). If I run it without SSL/TLS, the sssd service starts, and though I can see all the groups and users ("id LdapUserName" shows the info from the LDAP db), if I create an AFP share and use @LDAPgroupname for access control I cannot authenticate (though I can use a local user to attach to the share). If I "su LdapUserName" in a shell, I am prompted for a password, but that also fails.

From what I have read, sssd HAS to have an encrypted connection to the LDAP DB, and using the GUI from FreeNAS I am unable to set this up.

Additionally:
1. I have set the Kerberos to the FQDN of my OSX server and listed the FQDN as the KDC, admin and password servers. I do not have a Kerberos keytab or principal (would this stop the SSL/TLS and sssd working?).
2. I have raised https://bugs.freenas.org/issues/11883

Has anyone got the connection to the OSX LDAP working with this configuration, or has anyone got any pointers? All the forum posts, walkthroughs and how-tos I have seen are from earlier versions of FreeNAS and/or OSX. I find the documentation quite sparse on this point. If what I am doing is wrong, or I am doing things upside down, please let me know and I will go back and start again; I really need to get the users from the LDAP server able to use the FreeNAS storage without having to manage local users for each one.

Oct 10 09:37:10 investigate afpd[29584]: authentication failure; logname=root uid=0 euid=0 tty=afpd ruser=ldapuser rhost=192.168.9.200 user=ldapuser
Oct 10 09:37:10 investigate afpd[29584]: received for user ldapuser: 7 (permission denied)

My issue seems similar to this: https://forums.freenas.org/index.php?threads/self-signed-ca.28850/

NB: I will supply any logs or diagnostics that are requested; I do not want to flood this post with stuff that might or might not be relevant.

Ashley Drees (Dabbler; joined Oct 6, 2015; 20 messages):
Hello.

I read the sssd.conf man pages and decided to edit the sssd.conf directly to see if I could get it to authenticate my connections...

I added

auth_provider = krb5
krb5_server = server.domain.tld
krb5_realm = SERVER.DOMAIN.TLD (it is OSX so makes dull choices for the k setup)
cache_credentials = true

AND restarted sssd...

And it now works... this is without the root CA or anything. Is there ANY way I can get this into the sssd.conf file directly without manually changing it?

AND, is this sensible or stupid... any offers...

I DID try to add those to the Auxiliary Parameters in the LDAP config, but I could not get it to work with those statements in there.

Ashley Drees (Dabbler; joined Oct 6, 2015; 20 messages):
Just in case anyone else is having auth issues: adding the following to Auxiliary Parameters does the job, and I get what I need from the OD and am able to authenticate to the FreeNAS using AFP and OD.

ldap_version 3
bind_policy soft
pam_ldap_attribute did
auth_provider = krb5
krb5_server = server.domain.tld
krb5_realm = SERVER.DOMAIN.TLD
cache_credentials = true
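For readers who want to see how the parameters from the two posts above fit into a whole sssd.conf, here is an added illustration. It is not the poster's file and not anything generated by FreeNAS (FreeNAS writes sssd.conf itself from the GUI, which is why the Auxiliary Parameters field is the supported place to put these lines). The host and realm names are the ones used in the thread; the domain name "od", the ldap_uri, the search base and the CA file path are assumed placeholders. The security-relevant point it shows is that identity lookups (users and groups) come from LDAP while password verification goes through Kerberos, so no password is ever sent over the unencrypted LDAP connection. That is also why sssd's own LDAP auth provider insists on TLS or LDAPS before it will do a simple bind with a user's password, and why switching auth to krb5 made things work without a CA in place.

```ini
# Added example only; not the poster's configuration and not generated by FreeNAS.
# Names: server.domain.tld / SERVER.DOMAIN.TLD are from the thread; "od",
# ldap_uri, ldap_search_base and the CA path are assumed placeholders.
[sssd]
config_file_version = 2
services = nss, pam
domains = od

[domain/od]
# Identity (users, groups, uid/gid) is read from Open Directory's LDAP.
# Plain ldap:// here is readable on the wire, but it carries only directory
# data, never a user's password, because auth is handled by Kerberos below.
id_provider = ldap
ldap_uri = ldap://server.domain.tld
ldap_search_base = dc=server,dc=domain,dc=tld
ldap_schema = rfc2307

# To encrypt the identity lookups too, enable STARTTLS and point at the CA
# that issued the server certificate. With the default ldap_tls_reqcert =
# demand, sssd refuses the connection unless the server certificate chains
# to this CA, so a wrong or missing CA file takes the domain offline.
# ldap_id_use_start_tls = true
# ldap_tls_cacert = /path/to/ca.pem

# Passwords are verified by a Kerberos exchange with the OD KDC instead of an
# LDAP simple bind, so the password is never transmitted in the clear.
auth_provider = krb5
chpass_provider = krb5
krb5_server = server.domain.tld
krb5_realm = SERVER.DOMAIN.TLD

# Store a salted hash of the last good password in sssd's local cache so a
# user can still log in when the KDC is unreachable. This is the setting to
# review if the NAS is in an environment where a cached hash on the box is
# an unacceptable risk; leaving it false means no offline logins.
cache_credentials = true
```

Two caveats a practitioner would check: first, ldap_version, bind_policy and pam_ldap_attribute in the poster's final list are nss_ldap/pam_ldap directives, not sssd ones, so sssd will warn about or ignore them; the lines that change behaviour are auth_provider, krb5_server, krb5_realm and cache_credentials. Second, sssd only checks the Kerberos server's identity implicitly through the ticket exchange, so the krb5 path does not depend on the Comodo certificate at all, which is consistent with the poster's observation that it works without any root CA installed.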
 