[Samba] TLS questions

Rowland penny rpenny at samba.org
Mon Sep 2 09:18:43 UTC 2019

On 01/09/2019 21:46, Rowland penny via samba wrote:
> On 01/09/2019 21:37, Robert Wooden wrote:
>> No, thanks anyway, Rowland.
>> There are some FreeNAS posted command line tests that need to work 
>> (pushing me back to kerberos) that are part of their troubleshooting. 
>> Once I get that right, if I need to, I'll be back here with questions.
> Where can I find the tests?
> I get the feeling that I could just alter smb4.conf to what I think it 
> should be, kinit as Administrator and then run 'net ads join -k', but 
> would the FreeNAS web GUI be in sync?
> Rowland
OK, I have figured this out and you do not need a certificate ;-)

Log into the FreeNAS web GUI as root.

I used the winbind 'ad' backend, but you could probably use the 'rid' 
backend instead.

Services -> SMB -> Configure

Workgroup: SAMDOM
Local Master: NO
Domain Logons: NO
Time server For Domain: NO

UNIX Extension: YES
Zeroconf share discovery: YES
Hostnames Lookups: YES
Allow Execute Always: YES
Obey Pam Restrictions: YES

Range Low: 3000
Range High: 7999

NOTE: the above range is for the default (*) domain

Click 'SAVE'

Directory Services -> Active Directory -> ADVANCED MODE

Click 'EDIT IDMAP' and set the DOMAIN range before doing anything else

Range Low: 10000
Range High: 999999
Schema mode: rfc2307

Click 'SAVE'

Active Directory -> ADVANCED MODE

Domain Name: samdom.example.com
Domain Account Name: Administrator
Domain Account Password: xxxxxxxxxx

Encryption Mode: Off
Certificate: NONE

UNIX extensions: YES
Use Default Domain: YES
Allow DNS updates: YES # not sure about this, but set it anyway
Disable Freenas updates: YES

Site Name: Default-First-Site-Name
Idmap backend: ad
Winbind NSS info: rfc2307


Click 'SAVE' and you should join the domain
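
Added example, not part of the original post: a check that the two idmap ranges configured above (default `*` domain and SAMDOM) do not overlap, since overlapping ranges can map two different accounts to the same UID/GID. The smb.conf fragment is constructed from the values in the post; the `tdb` backend for the default domain and the names `SAMPLE_CONF`, `idmap_ranges` and `check_ranges` are assumptions made for this example.

```python
import re
from itertools import combinations

# Constructed smb.conf fragment using the ranges from the post.
# Assumption: the default (*) domain uses the tdb backend (not stated in the post).
SAMPLE_CONF = """
[global]
    workgroup = SAMDOM
    winbind nss info = rfc2307
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config SAMDOM : backend = ad
    idmap config SAMDOM : schema_mode = rfc2307
    idmap config SAMDOM : range = 10000-999999
"""

RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE,
)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} for each 'idmap config X : range' line."""
    ranges = {}
    for line in conf_text.splitlines():
        m = RANGE_RE.match(line)  # comment lines (# or ;) never match
        if m:
            ranges[m.group(1).upper()] = (int(m.group(2)), int(m.group(3)))
    return ranges

def check_ranges(ranges):
    """Return a list of problems: missing default, inverted or overlapping ranges."""
    problems = []
    if "*" not in ranges:
        problems.append("no range set for the default (*) domain")
    for dom, (low, high) in ranges.items():
        if low > high:
            problems.append(f"{dom}: low {low} is above high {high}")
    for (d1, (l1, h1)), (d2, (l2, h2)) in combinations(ranges.items(), 2):
        if max(l1, l2) <= min(h1, h2):  # the two intervals share at least one ID
            problems.append(f"{d1} and {d2} overlap")
    return problems

if __name__ == "__main__":
    found = idmap_ranges(SAMPLE_CONF)
    print(found)
    print(check_ranges(found) or "idmap ranges OK")
```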

