Prerequisites:
- FreeNAS 9.10 Stable
- Time is accurate, using internet NTP servers
- AD: Windows 2003
Integrating FreeNAS with Windows AD through Directory -> Active Directory Basic mode returns:
Can't contact LDAP server
Logging in as root and running wbinfo -t returns:
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret
where the -t option means:
-t|--check-secret Verify that the workstation trust account created when the Samba server is added to the Windows NT domain is working. May be used in conjunction with domain in order to verify interdomain trust accounts.
Solving:
First of all, check the DNS settings required for AD:
1) Check that your domain name resolves to an IP address. In my case the domain is kis.fri.uniza.sk; dig should return an IP address:
[root@freenas] ~# dig kis.fri.uniza.sk
; <<>> DiG 9.10.4-P1 <<>> kis.fri.uniza.sk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21107
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;kis.fri.uniza.sk. IN A
;; ANSWER SECTION:
kis.fri.uniza.sk. 600 IN A 192.168.10.2
;; AUTHORITY SECTION:
kis.fri.uniza.sk. 3600 IN NS ns.kis.fri.uniza.sk.
;; ADDITIONAL SECTION:
ns.kis.fri.uniza.sk. 3600 IN A 158.193.152.2
;; Query time: 0 msec
;; SERVER: 158.193.152.2#53(158.193.152.2)
;; WHEN: Mon Nov 14 12:43:11 CET 2016
;; MSG SIZE rcvd: 94
2) Seems OK; next check the SRV RR for the LDAP service:
[root@freenas] ~# host -t srv _ldap._tcp.kis.fri.uniza.sk
_ldap._tcp.kis.fri.uniza.sk has SRV record 0 100 389 pdc.kis.fri.uniza.sk.
3) Seems OK; now check the A resource record for the domain controller:
dig pdc.kis.fri.uniza.sk
; <<>> DiG 9.10.3-P4-Ubuntu <<>> pdc.kis.fri.uniza.sk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12104
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pdc.kis.fri.uniza.sk. IN A
;; AUTHORITY SECTION:
kis.fri.uniza.sk. 3600 IN SOA ns.kis.fri.uniza.sk. hostmaster.kis.fri.uniza.sk. 2016111383 10800 3600 604800 3600
;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Nov 14 12:33:21 CET 2016
;; MSG SIZE rcvd: 99
BAD: I'm missing an answer section, which means the A RR of my domain controller was not added to my DNS, so I need to add it. Once done correctly, it should return the answer correctly:
dig pdc.kis.fri.uniza.sk
; <<>> DiG 9.10.3-P4-Ubuntu <<>> pdc.kis.fri.uniza.sk
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38508
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;pdc.kis.fri.uniza.sk. IN A
;; ANSWER SECTION:
pdc.kis.fri.uniza.sk. 3600 IN A 192.168.10.2
;; AUTHORITY SECTION:
kis.fri.uniza.sk. 3600 IN NS ns.kis.fri.uniza.sk.
;; ADDITIONAL SECTION:
ns.kis.fri.uniza.sk. 3600 IN A 158.193.152.2
;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Nov 14 12:38:56 CET 2016
;; MSG SIZE rcvd: 98
Now I'm able to simply add FreeNAS to my Windows domain.
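The three DNS checks above can be run in one pass. The script below is an added example, not part of the original post: it follows the _ldap._tcp SRV record to its target and reports a target that has no A record, which was the fault found in step 3. The function names are hypothetical, and it assumes host(1) is available as used in step 2.

```shell
#!/bin/sh
# Added example (not from the original post): the three DNS checks in one pass.
# lookup_a/lookup_srv wrap host(1); redefine them to run against canned data.

# IPv4 addresses for name $1, one per line; prints nothing on NXDOMAIN.
lookup_a() { host -t a "$1" 2>/dev/null | awk '/ has address /{print $NF}'; }

# Raw host(1) SRV answer lines for name $1.
lookup_srv() { host -t srv "$1" 2>/dev/null; }

# Parse host(1) SRV lines on stdin into "target port" pairs.
srv_targets() {
    awk '/ has SRV record /{t=$NF; sub(/\.$/, "", t); print t, $(NF-1)}'
}

# Check domain $1; prints one line per check, returns non-zero on any failure.
check_ad_dns() (
    domain=$1
    rc=0
    # Step 1: the domain name itself must resolve.
    if [ -n "$(lookup_a "$domain")" ]; then
        echo "OK   A   $domain"
    else
        echo "FAIL A   $domain"; rc=1
    fi
    # Step 2: the LDAP SRV record must exist.
    targets=$(lookup_srv "_ldap._tcp.$domain" | srv_targets)
    if [ -z "$targets" ]; then
        echo "FAIL SRV _ldap._tcp.$domain"
        exit 1
    fi
    # Step 3: every SRV target (domain controller) must have an A record.
    while read -r dc port; do
        echo "OK   SRV _ldap._tcp.$domain -> $dc:$port"
        addr=$(lookup_a "$dc")
        if [ -n "$addr" ]; then
            echo "OK   A   $dc -> $addr"
        else
            echo "FAIL A   $dc (SRV target has no address)"; rc=1
        fi
    done <<EOF
$targets
EOF
    exit "$rc"
)

# Live run only when a domain is given, e.g.: sh check_ad_dns.sh kis.fri.uniza.sk
if [ "$#" -gt 0 ]; then check_ad_dns "$1"; fi
```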