I think I found at least another workaround on the internet for joining FreeNAS 11 U2 to Nethserver AD when "FreeNAS and TLS not enabled in samba RE-SOLVED!" is not working for you. The tip came from "FreeNAS 11 + samba4 AD DC - Can't contact LDAP server | TrueNAS Community".
WARNING! This is just a workaround because it deactivates the strong auth requirement on your DC, which might be relevant from a security perspective.
Quick and dirty way for testing:
Add a line to the NSDC container smb.conf in the global section:
nano /var/lib/machines/nsdc/etc/samba/smb.conf
Add this line to the global section:
ldap server require strong auth = no
Restart samba on nsdc:
systemctl -M nsdc restart samba
Join domain in FreeNAS webui. Only domain, username and password are needed.
Then test on FreeNAS shell if you can see the AD users:
root@freenas:~ # wbinfo -u
CMB\administrator
CMB\krbtgt
CMB\markus
CMB\guest
CMB\admin
If this works, respect the templates, erase the new line in smb.conf and do:
mkdir -p /etc/e-smith/templates-custom/var/lib/machines/nsdc/etc/samba/smb.conf.include
echo "# accept join from FreeNAS" >> /etc/e-smith/templates-custom/var/lib/machines/nsdc/etc/samba/smb.conf.include/20global
echo "ldap server require strong auth = no" >> /etc/e-smith/templates-custom/var/lib/machines/nsdc/etc/samba/smb.conf.include/20global
expand-template /var/lib/machines/nsdc/etc/samba/smb.conf.include
I used smb.conf.include because smb.conf on nsdc may be erased. If I misunderstood something in the e-smith template system, please tell me, this is my first try…
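To check later whether the workaround is still active on the DC, here is an added example (not part of the original post) that reads the effective value of `ldap server require strong auth` from a Samba config file or include fragment. The function names and the sample file are constructed for illustration; it assumes lines before any section header belong to the global section and it does not follow `include` directives.

```shell
#!/bin/sh
# Print the effective "ldap server require strong auth" value found in the
# [global] section of the file given as $1. Samba's default is "yes".
# Parameter names are matched case-insensitively with whitespace ignored.
strong_auth_value() {
    awk '
        BEGIN { in_global = 1; value = "yes" }   # assumption: headerless lines are global
        /^[ \t]*[#;]/ { next }                   # skip comment lines
        /^[ \t]*\[/ {                            # section header
            name = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", name)
            sub(/[ \t]*\].*$/, "", name)
            in_global = (name == "global")
            next
        }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)
            if (key == "ldapserverrequirestrongauth") {
                val = tolower(substr($0, index($0, "=") + 1))
                gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                value = val                      # last occurrence wins
            }
        }
        END { print value }
    ' "$1"
}

# Succeeds (exit status 0) when the strong auth requirement is switched off.
strong_auth_weakened() {
    case "$(strong_auth_value "$1")" in
        no|false|0) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample input, not taken from a real server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
    workgroup = CMB
    # accept join from FreeNAS
    LDAP Server Require Strong Auth = No
[share]
    ldap server require strong auth = yes
EOF
if strong_auth_weakened "$sample"; then
    echo "WARNING: strong auth is disabled in [global] of $sample"
fi
rm -f "$sample"
```

On the NethServer host the file to check would be the nsdc container's smb.conf or the smb.conf.include path used above.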