[Samba] TLS questions
rpenny at samba.org
Mon Sep 2 09:18:43 UTC 2019
On 01/09/2019 21:46, Rowland penny via samba wrote:
> On 01/09/2019 21:37, Robert Wooden wrote:
>> No, thanks anyway, Rowland.
>> There are some FreeNAS posted command line tests that need to work
>> (pushing me back to kerberos) that are part of their troubleshooting.
>> Once I get that right, if I need to, I'll be back here with questions.
> Where can I Find the tests ?
> I get the feeling that I could just alter smb4.conf to what I think it
> should be, kinit as Administrator and then run 'net ads join -k', but
> would the freenas web GUI be in sync ?
OK, I have figured this out and you do not need a certificate ;-)
Log into the Freenas web gui as root.
I used the winbind 'ad' backend, but you could probably use the 'rid'
Services -> SMB -> Configure
Local Master: NO
Domain Logons: NO
Time server For Domain: NO
UNIX Extension; YES
Zeroconf share discovery: YES
Hostnames Lookups: YES
Allow Execute Always: YES
Obey Pam Restrictions: YES
Range Low: 3000
Range High: 7999
NOTE: the above range is for the default (*) domain
Directory Services -> Active Directory -> ADVANCED MODE
Click 'EDIT IDMAP' and set the DOMAIN range before doing anything else
Range Low: 10000
Range High: 999999
Schema mode: rfc2307
Active Directory -> ADVANCED MODE
Domain Name: samdom.example.com
Domain Account Name: Administrator
Domain Account Password: xxxxxxxxxx
Encryption Mode: Off
UNIX extensions: YES
Use Default Domain: YES
Allow DNS updates: YES # not sure about this, but set it anyway
Disable Freenas updates: YES
Site Name: Default-First-Site-Name
Kerberos Realm: SAMDOM.EXAMPLE.COM
Idmap backend: ad
Winbind NSS info: rfc2307
Click 'SAVE' and you should join the domain
More information about the samba