Connect FreeNAS to Nethserver Active Directory


(devfx11) #1

NethServer Version: NethServer release 7.3.1611 (Final)
Module: Active Directory

Hi

I created an Active Directory using Nethserver.
I can join the domain with my Windows 8.1 computer and I see the netlogon and sysvol shares if I go to \\mydomain.local

Now when I wanted to connect a FreeNAS to the domain it said I must use TLS.
For that I need to use certificates.
Where could I find these certificates?
My Windows computer doesn’t need these to join the domain.

I know it is probably more of a FreeNAS question, but I could join to my Zentyal Active Directory without any problems. Probably was not using TLS :)

If anyone could help me connect my FreeNAS setup I would greatly appreciate it.

I am trying to connect FreeNAS 11 and I’m using NethServer release 7.3.1611 (Final) latest.


(Bill ) #2

I’m struggling with this as well. I’m using letsencrypt on my nethserver and I believe the letsencrypt root certificate needs to be imported into freenas. Whoever invented SSL should be shot in the face with a cannon.


(fpausp) #3

No problems here with Synology NAS as a DomainMember and Radius Server for the Wifi…


(devfx11) #4

Did you add it in computers before trying to add it, or how did you proceed?

I tried adding it first, nothing changed, same TLS error.

Is your Synology NAS doing the Radius?


(Michael Träumner) #5

Hi,
Your server certificate is at

/etc/pki/tls/certs


(devfx11) #6

Hi

Well, I tried all kinds of possibilities and none seems to work.
So if anyone knows exactly how to do this, let me know please.

Also I cannot add Zentyal as a secondary domain controller either.
Similar error.

Meanwhile I will not use FreeNAS in Active Directory mode, and just use it as a backup server.
Thanks for the information.


(fpausp) #7

No

Yes


(devfx11) #8

Did anyone else manage to connect any servers besides Synology NAS to NethServer Active Directory?
I tried all possibilities and none worked.


(fpausp) #9

I set up FreeNAS 11 under Proxmox and joined it to my NethServer 7.3 AD …

I will write a little quick and dirty howto next week…

P.S. In the meantime, please test with “getent passwd” on the FreeNAS CLI if you can see any AD user …


(Alessio Fattorini) #10

Looks interesting. Can you share some screenshots and notes about this? It would be helpful for others too.
Let’s start a new topic on #howto

Wow! We can’t wait for that, indeed. :ok_hand:


(fpausp) #11

Are you still interested in joining AD members (FreeNAS / Synology)?

What I can say is that Synology looks much better than FreeNAS. Radius is working to auth my WiFi clients… synchronizing the users/groups under the GUI works well.

FreeNAS has joined AD but I cannot synchronize the users/groups under the GUI… I was able to map a FreeNAS share with AD credentials on my Windows 7 but I do not fully trust this situation…


(devfx11) #12

Hi
Yeah, I am still interested of course. You could share it as a howto as someone said above; that would help out many others or the developers.
However, I am now more inclined to use FreeNAS as just a NAS, using it mostly for a backup solution and doing the main job with NethServer.


(devfx11) #13

I was not able to join it at all, so no, I can’t see any AD user.


(Alessio Fattorini) #14

@fausp you can just write down some notes so that other people can contribute


(fpausp) #15

Please try this:

Part 1

My Domain: privat.lan
My Nethserver Hostname: neth2
My FreeNAS Hostname: freenas
My LDAP server name: nsdc-neth2.privat.lan

On CLI

  1. Install FreeNAS

On Browser

  1. Go to http://FreeNAS-IP and logon
  2. Configure Language, Keyboard and Timezone…
  3. Setup static IP and WebGUI IPv4 Address
  4. Setup Network - Global Configuration - Domain - IPv4 Gateway - Nameserver
  5. Setup Directory Service - Active Directory (in Advanced Mode)
     • Domain Name (DNS/Realm-Name): privat.lan
     • Domain Account Name: admin
     • Domain Account Password: myNethServerAdminPassword
     • AD check connectivity frequency (seconds): 60
     • How many recovery attempts: 10
     • Encryption Mode: off
     • Allow Trusted Domains: true
     • Use Default Domain: true
     • Allow DNS updates: true
     • Domain Controller: nsdc-neth2.privat.lan
     • Global Catalog Server: nsdc-neth2.privat.lan
     • Enable: true
     • NetBIOS name: freenas

On CLI

  • Join Domain with (LDAP server name):
    root@freenas:~ # net ads join -S nsdc-neth2.privat.lan -U admin
    Enter admin's password:
    Using short domain name -- PRIVAT
    Joined 'FREENAS' to dns domain 'privat.lan'


(fpausp) #16

Part 2

Check it out …

  • Lists all domain users
    root@freenas:~ # wbinfo -u

  • Lists all domain groups
    root@freenas:~ # wbinfo -g

  • List trusted domains
    root@freenas:~ # wbinfo -m

  • check passwd
    root@freenas:~ # getent passwd
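
A post-join check built on the wbinfo -u and getent passwd commands from Part 2, added here as an example and not part of fpausp's post: it lists accounts that winbind can enumerate but NSS does not resolve. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). On the NAS, capture real input with:
#   wbinfo -u > wbinfo.txt ; getent passwd > passwd.txt

# ad_users_missing_from_nss WBINFO_FILE GETENT_FILE
# Prints each account listed by winbind that has no passwd entry in NSS.
ad_users_missing_from_nss() {
    # "pass=2" is set by awk between the two files, so an empty
    # getent file is still handled correctly (everything is missing).
    awk -F: '
        pass != 2 { nss[$1] = 1; next }      # first file: getent passwd
        $0 != "" && !($0 in nss)             # second file: wbinfo -u
    ' "$2" pass=2 "$1"
}

# join_verdict WBINFO_FILE GETENT_FILE
# Prints one word: no-winbind-users, nss-incomplete or ok.
join_verdict() {
    if ! grep -q . "$1"; then
        echo no-winbind-users        # winbind returned nothing at all
    elif [ -n "$(ad_users_missing_from_nss "$1" "$2")" ]; then
        echo nss-incomplete          # joined, but NSS does not see everyone
    else
        echo ok
    fi
}

# Constructed sample data (not real output). It assumes the thread's
# "Use Default Domain: true", so names carry no PRIVAT\ prefix.
sample_dir=$(mktemp -d)
cat > "$sample_dir/wbinfo.txt" <<'EOF'
administrator
guest
alice
bob
EOF
cat > "$sample_dir/passwd.txt" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
administrator:*:20500:20513:Administrator:/home/administrator:/bin/sh
alice:*:21103:20513:Alice Example:/home/alice:/bin/sh
EOF

ad_users_missing_from_nss "$sample_dir/wbinfo.txt" "$sample_dir/passwd.txt"
join_verdict "$sample_dir/wbinfo.txt" "$sample_dir/passwd.txt"
```

In Samba, getent passwd only enumerates domain accounts when winbind enum users is enabled; with enumeration off, check individual accounts with getent passwd followed by the account name instead.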


(Alessio Fattorini) #17

Just edited your formatting aligning with markup style. Great job, thanks for sharing


(Bill ) #18

When clicking save on the Browser step I get the following error:
BindSimple: Transport encryption required., Strong(er) authentication required


(fpausp) #19

I used a freshly installed FreeNAS-11.0-RELEASE.iso from 15.06.17 for the test. What version do you use?

Can you test it on two freshly installed servers (NethServer, FreeNAS)?


(Bill ) #20

FreeNAS-11.0-U1

NethServer release 7.3.1611

Unfortunately I’m not in a position to test default installs at the moment.