FreeNAS and TLS not enabled in samba RE-SOLVED!

v7
activedirectory

(Héctor Pérez) #1

So i´m trying to configure FreeNAS atached to the domain of NEthserver.

Now im folowing this steps : Connect FreeNAS to Nethserver Active Directory

But i gaveme this error : Strong(er) authentication required, BindSimple: Transport encryption required.

In the FreeNAS Forum we find this INFO.

  1. If you are using AD, you can only use self-signed certs if the entire cert chain is made available to the FreeNAS. That means that the CA must be on the FreeNAS that signed for the AD certs.
  2. You must use TLS 1.2 or higher when using Samba 4.3 (which is available on the version that have the badlocks patch), the most recent and one prior version if memory serves me right.

We have to add this lines to the smb.conf

tls enabled = yes
tls cafile = /path/to/cert/samba-root-ca.pem
tls certfile = /path/to/cert/samba-cert.pem
tls keyfile = /path/to/cert/samba-key.pem

And import the certificate to the FreeNAS

Do I have to add the lines to a template in the /etc/e-smith folder?


Connect FreeNAS to Nethserver Active Directory
User's Remote shell (SSH) access
(Michael Träumner) #2

Yes, please build a custom template at

/etc/e-smith/templates-custom/etc/samba/smb.conf

If you didn’t your entries are deleted at next restart.


(Héctor Pérez) #3

Bit weird but it works

SYnology NAS works without encryption and use the Active directory.

http://xpenology.me/downloads/

It uses a USB memstick to boot and a DSM image for the config / SO.

You need to download a utility to discover the IP and configure the: Synology Assistant

http://global.download.synology.com/download/Tools/SynologyAssistant/5005/Windows/SynologyAssistantSetup-5.2-5005.exe

It`s beautiful but don’t use the 6.02 update (doesn’t work at all, you need a new img, I can´t find such image).

Four years and I see a NAS working under linux AD. now is to play with the config.


(Michael Träumner) #4

Can you mark it as solved please.


(Héctor Pérez) #5

the images are : DSM_5.2-5644 PAT download 43a3c4a95c95c4fbe7ba0d2f39d60747
DSM_5.2-5644 Update-1 PAT download c0d2e33447077cbfcb81758ead064388
DSM_5.2-5644 Update-2 PAT download 49019ef1a9eedc04f52838f1e950920e
DSM_5.2-5644 Update-3 PAT download 2ea3080dcfa25794f22681b3743c23d5
DSM_5.2-5644 Update-5 PAT download 92f2632d29c27608f0bf7acabf01bed6

You have to upload them in order thoug the update page. is better the FreeNAS but it doesn’t work with TLS.

Thanks a lot