Win2k12 r2 AD & FreeNAS 9.2.1.5 ldapsearch issues

Status
Not open for further replies.

ndboost

Explorer
Joined
Mar 17, 2013
Messages
78
I have a Win2k12 R2 box that is configured with AD, DHCP, DNS, NTP and has the Unix extensions role added to it.

My FreeNAS box is registered to the domain (I can see it in the list of computers); it's using my default administrator AD ID right now.

If I'm running as root on the NAS, I can run `ldapsearch` and I get a list back of data from AD. CIFS shares work great when authenticating against AD and permissions are right. I can also do things like `id <someaduser>` and I can see their associated Unix attributes and information from AD.

However, if I run as a non-root AD-based user over SSH, `ldapsearch` returns errors. I know if I run `kinit` and re-authenticate with my non-root AD user, the tmp file is created, and then `ldapsearch` works fine for that session.

Code:
```
#ssh into the nas as an AD user, authenticates fine
mikedevita $ ldapsearch
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind_s: Local error (-2)
additional info: SASL(-1): generic failure: GSSAPI Error:  Miscellaneous failure (see text)    (open(/tmp/krb5cc_501): No such file or directory)
```

I have a MacBook which uses AFP shares, and it cannot authenticate; it just says invalid password with not much more detail.

So it seems I have two issues here:

1. NAS box has issues running searches against "ldap" domain with non-root users
2. Non-Windows machines have authentication issues when trying to browse shares over AFP
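
As an added example (not part of the original thread), this Python check takes the GSSAPI error text that `ldapsearch` printed above, extracts the credential cache path it names, and reports whether that file exists, is owned by the uid in its name, and is private to that user. The helper names and finding labels are assumptions made for illustration.

```python
import os
import re
import stat

# Error text as quoted in the post above (used here as sample input).
SAMPLE_ERROR = ("additional info: SASL(-1): generic failure: GSSAPI Error:  "
                "Miscellaneous failure (see text)    "
                "(open(/tmp/krb5cc_501): No such file or directory)")

# Captures the file credential cache path and the uid embedded in its name.
CCACHE_RE = re.compile(r"open\(([^()]*krb5cc_(\d+))\)")

def parse_ccache(error_text):
    """Return (path, uid) named in the GSSAPI error, or None if absent."""
    m = CCACHE_RE.search(error_text)
    return (m.group(1), int(m.group(2))) if m else None

def diagnose(error_text):
    """Hypothetical helper: list findings about the cache the error names."""
    parsed = parse_ccache(error_text)
    if parsed is None:
        return ["no-ccache-in-error"]
    path, uid = parsed
    try:
        st = os.lstat(path)  # lstat: inspect the path itself, never a link target
    except FileNotFoundError:
        # The state in the post: the user is logged in but holds no ticket yet.
        return [f"missing: no ticket cache for uid {uid}"]
    findings = []
    if not stat.S_ISREG(st.st_mode):
        findings.append("not-regular: cache path is not a plain file")
    if st.st_uid != uid:
        findings.append(f"wrong-owner: owned by uid {st.st_uid}, expected {uid}")
    if st.st_mode & 0o077:
        findings.append("loose-mode: readable or writable by group/other")
    return findings or ["ok"]

if __name__ == "__main__":
    print(parse_ccache(SAMPLE_ERROR))
    print(diagnose(SAMPLE_ERROR))
```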
 

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
You shouldn't be mixing file sharing protocols to prevent file corruption problems. I'd recommend you use CIFS on your Mac.
 

ndboost

Explorer
Joined
Mar 17, 2013
Messages
78
I wasn't even aware you could use CIFS on Macs lol! I'll look at that as a solution, but there's still the standing issue with AD not initiating certificates automatically.
 

ndboost

Explorer
Joined
Mar 17, 2013
Messages
78
cyberjock, I'm chiming in here to say using CIFS corrects the share problem for now... but I'm still getting those LDAP errors and have to run `kinit`.
 