Good evening,
It's been a full week since I've been trying to make my NAS join my Windows Server 2016 AD domain.
Even after following over 20 tutorials, documentation, and trying to solve the problem by myself, I'm still unable to make it join the domain.
Trying with AD:
I get this error while trying to enable AD:
In the Samba logs:
AD Setup in the GUI:
No access to the shared folder (normal AD account, Administrator account and FreeNAS' root account can't login)
Trying with LDAP:
When enabling LDAP, everything seems to be fine...
But Samba services stops with the following errors:
LDAP setup in the GUI:
No access to the shared folder (normal AD account, Administrator account and FreeNAS' root account can't login)
Samba setup in the GUI:
Samba configuration file:
[global]
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 171047
logging = file
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = nobody
map to guest = Bad User
obey pam restrictions = yes
ntlm auth = no
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = nas-01
ea support = yes
store dos attributes = yes
lm announce = yes
hostname lookups = yes
acl allow execute always = true
dos filemode = yes
multicast dns register = yes
local master = no
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = member server
security = user
passdb backend = ldapsam:ldap://srv-01.ig.prv
ldap admin dn = cn=(the binding admin account)
ldap suffix = dc=ig,dc=prv
ldap user suffix = ou=(the OU)
ldap group suffix = ou=(the OU)
ldap machine suffix = ou=(the OU)
ldap ssl = off
ldap replication sleep = 1000
ldap passwd sync = yes
ldapsam:trusted = yes
workgroup = IG
domain logons = yes
idmap config IG: backend = ldap
idmap config IG: range = 10000-90000000
netbios name = NAS-01
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 1
[storage]
path = "/mnt/storage"
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
access based share enum = no
vfs objects = zfs_space zfsacl streams_xattr
hide dot files = yes
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare
I really hope somebody can help me with this... I'm going crazy because it hasn't been working for a full week now and I still got no answers for this problem
It's been a full week since I've been trying to make my NAS join my Windows Server 2016 AD domain.
Even after following over 20 tutorials, documentation, and trying to solve the problem by myself, I'm still unable to make it join the domain.
Trying with AD:
I get this error while trying to enable AD:
In the Samba logs:
create_connection_session_info failed: NT_STATUS_ACCESS_DENIED
AD Setup in the GUI:
No access to the shared folder (normal AD account, Administrator account and FreeNAS' root account can't login)
Trying with LDAP:
When enabling LDAP, everything seems to be fine...
But Samba services stops with the following errors:
[2018/04/14 22:10:07.571323, 1] ../source3/passdb/pdb_ldap_util.c:237(add_new_domain_info)
add_new_domain_info: failed to add domain dn= sambaDomainName=IG,dc=ig,dc=prv with: No such attribute
00000057: LdapErr: DSID-0C091027, comment: Error in attribute conversion operation, data 0, v3839
[2018/04/14 22:10:07.571347, 0] ../source3/passdb/pdb_ldap_util.c:314(smbldap_search_domain_info)
smbldap_search_domain_info: Adding domain info for IG failed with NT_STATUS_UNSUCCESSFUL
[2018/04/14 22:10:07.571359, 0] ../source3/passdb/pdb_ldap.c:6643(pdb_ldapsam_init_common)
pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it.
[2018/04/14 22:10:07.571366, 0] ../source3/passdb/pdb_interface.c:180(make_pdb_method_name)
pdb backend ldapsam:ldap://srv-01.ig.prv did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
LDAP setup in the GUI:
No access to the shared folder (normal AD account, Administrator account and FreeNAS' root account can't login)
Samba setup in the GUI:
Samba configuration file:
[global]
encrypt passwords = yes
dns proxy = no
strict locking = no
oplocks = yes
deadtime = 15
max log size = 51200
max open files = 171047
logging = file
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
getwd cache = yes
guest account = nobody
map to guest = Bad User
obey pam restrictions = yes
ntlm auth = no
directory name cache size = 0
kernel change notify = no
panic action = /usr/local/libexec/samba/samba-backtrace
nsupdate command = /usr/local/bin/samba-nsupdate -g
server string = nas-01
ea support = yes
store dos attributes = yes
lm announce = yes
hostname lookups = yes
acl allow execute always = true
dos filemode = yes
multicast dns register = yes
local master = no
idmap config *: backend = tdb
idmap config *: range = 90000001-100000000
server role = member server
security = user
passdb backend = ldapsam:ldap://srv-01.ig.prv
ldap admin dn = cn=(the binding admin account)
ldap suffix = dc=ig,dc=prv
ldap user suffix = ou=(the OU)
ldap group suffix = ou=(the OU)
ldap machine suffix = ou=(the OU)
ldap ssl = off
ldap replication sleep = 1000
ldap passwd sync = yes
ldapsam:trusted = yes
workgroup = IG
domain logons = yes
idmap config IG: backend = ldap
idmap config IG: range = 10000-90000000
netbios name = NAS-01
create mask = 0666
directory mask = 0777
client ntlmv2 auth = yes
dos charset = CP437
unix charset = UTF-8
log level = 1
[storage]
path = "/mnt/storage"
printable = no
veto files = /.snapshot/.windows/.mac/.zfs/
writeable = yes
browseable = yes
access based share enum = no
vfs objects = zfs_space zfsacl streams_xattr
hide dot files = yes
guest ok = no
nfs4:mode = special
nfs4:acedup = merge
nfs4:chown = true
zfsacl:acesort = dontcare
I really hope somebody can help me with this... I'm going crazy because it hasn't been working for a full week now and I still got no answers for this problem