How can I get FreeNAS to work with LDAP authentication?
To find the cause of this issue, I first started Samba in interactive mode with a higher debug level to see any messages in the output that could help:
/usr/local/sbin/smbd --interactive --debuglevel=3
Now I got more helpful output than before:
check_ntlm_password: Checking password for unmapped user [WORKGROUP]\[osalzburg]@[LDAP] with the new password interface
check_ntlm_password: mapped user is: [FREENAS]\[osalzburg]@[LDAP]
init_sam_from_ldap: Entry found for user: osalzburg
Primary group S-1-5-21-1400563477-347728745-2499486669-512 for user osalzburg is a UNKNOWN and not a domain group
Forcing Primary Group to 'Domain Users' for osalzburg
The primary group domain sid(S-1-5-21-1134279832-878937066-538846017-513) does not match the domain sid(S-1-5-21-1400563477-347728745-2499486669) for osalzburg(S-1-5-21-1400563477-347728745-2499486669-3002)
check_sam_security: make_server_info_sam() failed with 'NT_STATUS_UNSUCCESSFUL'
check_ntlm_password: Authentication for user [osalzburg] -> [osalzburg] FAILED with error NT_STATUS_UNSUCCESSFUL
error packet at smbd/sesssetup.c(124) cmd=115 (SMBsesssetupX) NT_STATUS_UNSUCCESSFUL
Server exit (failed to receive smb request)
Terminated: 15
The key here is the part:
The primary group domain sid
(S-1-5-21-1134279832-878937066-538846017-513) does not match the domain sid
(S-1-5-21-1400563477-347728745-2499486669) for osalzburg(S-1-5-21-1400563477-347728745-2499486669-3002)
To resolve the mismatch, I changed the sambaSID
of my FREENAS
sambaDomainName
entry to S-1-5-21-1400563477-347728745-2499486669
as suggested in this bug report comment.
I'm not sure where exactly I messed up my setup, but running Samba with debug output was key to finding the cause of the problem.
Related videos on Youtube
halra
Never forget: :w !sudo tee % Save a file in vim when you neglected to open the file with sudo but already made changes you don't want to lose. Ctrl+X,* Evaluate globbing on your current input on the bash command line. postfix flush Pump out the postfix queue on your backup MX after you've fixed the issue with your primary MX. git tag -l | xargs -n 1 git push --delete origin; git tag | xargs git tag -d Delete all tags from a git repo - remotely and locally. sudo apt-get purge $(for tag in "linux-image" "linux-headers"; do dpkg-query -W -f'${Package}\n' "$tag-[0-9]*.[0-9]*.[0-9]*" | sort -V | awk 'index($0,c){exit} //' c=$(uname -r | cut -d- -f1,2); done) Delete old kernels https://signup.microsoft.com/productkeystart Register new Office 365 product keys for an existing tenant.
Updated on September 18, 2022Comments
-
halra over 1 year
I'm trying to set up a FreeNAS 9.1.1 server with CIFS shares with LDAP authentication.
I've set up an OpenLDAP server, populated it with
smbldap-populate
, added a user account for myself and configured the LDAP client on the FreeNAS to utilize the directory. It seems to me like FreeNAS can retrieve the users and groups fine, as thegetent passwd
andgetent group
output lists the entities that I've set up on my OpenLDAP server.So far so good. I've now created a new ZFS volume and set it up to be owned by my LDAP user account and the Domain Admins group.
When I now try to use the share, by issuing
net use \\freenas\zfs0-share
on my Windows command line, I get the following result:System error 59 has occured. An unexpected network error occurred.
In my FreeNAS console, I get the following output:
freenas smbd: auth/check_samsec.c:491(check_sam_security) check_sam_security: make_server_info_sam() failed with NT_STATUS_UNSUCCESSFUL
What does this error indicate and how can I resolve it?