
FreeNAS - problem joining FreeNAS to Windows AD

Prerequisites:

  • FreeNAS 9.10 Stable
  • Time is accurate, using internet NTP servers
  • AD: Windows 2003

Integrating FreeNAS with Windows AD through Directory -> Active Directory in Basic mode returns:

Can't contact LDAP server

Logging in as root and running

wbinfo -t

returns:

could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret
 
where the -t option means:

-t|--check-secret
           Verify that the workstation trust account created when the Samba
           server is added to the Windows NT domain is working. May be used in
           conjunction with domain in order to verify interdomain trust
           accounts.

Solution:

First of all, check the DNS settings required for AD:

1) Check that your domain name resolves to an IP address. In my case the domain is kis.fri.uniza.sk; dig should return an IP address:

[root@freenas] ~# dig kis.fri.uniza.sk

; <<>> DiG 9.10.4-P1 <<>> kis.fri.uniza.sk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21107
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;kis.fri.uniza.sk. IN A

;; ANSWER SECTION:
kis.fri.uniza.sk. 600 IN A 192.168.10.2

;; AUTHORITY SECTION:
kis.fri.uniza.sk. 3600 IN NS ns.kis.fri.uniza.sk.

;; ADDITIONAL SECTION:
ns.kis.fri.uniza.sk. 3600 IN A 158.193.152.2

;; Query time: 0 msec
;; SERVER: 158.193.152.2#53(158.193.152.2)
;; WHEN: Mon Nov 14 12:43:11 CET 2016
;; MSG SIZE  rcvd: 94

2) Seems OK. Next, check the SRV RR for the LDAP service:

[root@freenas] ~# host -t srv _ldap._tcp.kis.fri.uniza.sk
_ldap._tcp.kis.fri.uniza.sk has SRV record 0 100 389 pdc.kis.fri.uniza.sk.

3) Seems OK. Now check the A resource record for the domain controller:

dig pdc.kis.fri.uniza.sk

; <<>> DiG 9.10.3-P4-Ubuntu <<>> pdc.kis.fri.uniza.sk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12104
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096

;; QUESTION SECTION:
;pdc.kis.fri.uniza.sk. IN A

;; AUTHORITY SECTION:
kis.fri.uniza.sk. 3600 IN SOA ns.kis.fri.uniza.sk. hostmaster.kis.fri.uniza.sk. 2016111383 10800 3600 604800 3600

;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Nov 14 12:33:21 CET 2016
;; MSG SIZE  rcvd: 99

BAD: the answer section is missing (status NXDOMAIN), which means the A RR of my domain controller was never added to my DNS, so I need to add it. Once that is done correctly, the query returns the answer:

dig pdc.kis.fri.uniza.sk

; <<>> DiG 9.10.3-P4-Ubuntu <<>> pdc.kis.fri.uniza.sk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38508
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pdc.kis.fri.uniza.sk. IN A

;; ANSWER SECTION:
pdc.kis.fri.uniza.sk. 3600 IN A 192.168.10.2

;; AUTHORITY SECTION:
kis.fri.uniza.sk. 3600 IN NS ns.kis.fri.uniza.sk.

;; ADDITIONAL SECTION:
ns.kis.fri.uniza.sk. 3600 IN A 158.193.152.2

;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Nov 14 12:38:56 CET 2016
;; MSG SIZE  rcvd: 98

Now I'm able to simply add FreeNAS to my Windows domain.
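
The three checks above (domain A record, _ldap._tcp SRV record, A record of each SRV target) can be run in one pass before attempting the join. The script below is an added example, not part of the original page or of FreeNAS; the function name check_ad_dns and the DIG override variable are hypothetical, and it goes slightly beyond the text by checking every SRV target rather than a single domain controller.

```shell
#!/bin/sh
# Added example: replays the three DNS checks from this page in one pass.
# DIG is an assumed override hook (not a dig feature) so the resolver
# command can be swapped out; by default the real dig is used.
DIG=${DIG:-dig}

# check_ad_dns DOMAIN  (hypothetical helper name)
# Returns 0 if every check passes, 1 if the domain has no A record,
# 2 if _ldap._tcp.DOMAIN has no SRV record, 3 if an SRV target has no A record.
check_ad_dns() {
    domain=$1

    # Step 1: the AD domain name itself must resolve to an address.
    if [ -z "$($DIG +short A "$domain")" ]; then
        echo "FAIL: no A record for $domain"
        return 1
    fi

    # Step 2: the LDAP service must be published as an SRV record.
    srv=$($DIG +short SRV "_ldap._tcp.$domain")
    if [ -z "$srv" ]; then
        echo "FAIL: no SRV record for _ldap._tcp.$domain"
        return 2
    fi

    # Step 3: every SRV target (4th field: priority weight port target)
    # must have an A record, otherwise the join cannot reach the DC.
    status=0
    for target in $(echo "$srv" | awk '{print $4}'); do
        addr=$($DIG +short A "$target")
        if [ -z "$addr" ]; then
            echo "FAIL: SRV target $target has no A record"
            status=3
        else
            echo "OK: $target -> $addr"
        fi
    done
    return $status
}

# Run the checks when a domain is given on the command line.
if [ $# -gt 0 ]; then
    check_ad_dns "$1"
fi
```

Saved under any file name and run with kis.fri.uniza.sk as its argument, it would have stopped at step 3 with exit status 3 in the situation described here, pointing at the missing A record for pdc.kis.fri.uniza.sk.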

 
