Uploaded image for project: 'FreeNAS / TrueNAS'
  1. FreeNAS / TrueNAS
  2. NAS-105492

LDAP no longer works after upgrading from 11.2-U7 to 11.3-U7

    XMLWordPrintable

    Details

      Description

      Prior to upgrading from 11.2-U7 to 11.3-U1 I was able to ssh to my FreeNAS server as any user in my LDAP and end up in the home directory, or access SMB/CIFS shares, or type somethign liek `cd ~cory`. Now, that is no longer possible. Running `getent passwd` only shows local users, though I dont remember running that before because, well, LDAP user worked.

      I notice in the new UI that there is an icon by the alerts icon that shows the current directory services that there was a warning icon besides LDAP, but any attempt to fix things results in errors on save.

      File 'Screenshot from 2020-03-21 13-39-34.png' shows what happens when I enable encrypt as either 'ON' or 'START_TLS'. With encryption set to 'OFF' the other screenshot occurs.

      Trying`ldapsearch -vvvvv -H ldap://ldap.cory.albrecht.name -x -b "dc=cory,dc=albrecht,dc=name" "(uid=cory)"` works, but `ldapsearch -vvvvv -H ldaps://ldap.cory.albrecht.name -x -b "dc=cory,dc=albrecht,dc=name" "(uid=cory)"` does not

      If I put my CA certificate in FreeNAS's /etc/ssl  and modify /etc/local/openldap/ldap.conf with TLS_CACERT, then `ldapsearch -vvvvv -H ldaps://ldap.cory.albrecht.name -x -b "dc=cory,dc=albrecht,dc=name" "(uid=cory)"` works.

      BTW, didn't SSSD used to be part of FreeNAS, to manage LDAP users? Or am I misremembering things? It doesn't seem to be there now.

        Attachments

          Attachments

            JEditor

              Activity

                People

                Assignee:
                awalker Andrew Walker
                Reporter:
                Bytor Cory Albrecht
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                  Dates

                  Due:
                  Created:
                  Updated:
                  Resolved: