Details
- Type: Bug
- Status: Done
- Priority: Low
- Resolution: Complete
- Affects Version/s: 11.3-U1, 12.0-ALPHA1
- Fix Version/s: 12.0-ALPHA1, 11.3-U3
- Component/s: Directory Services
- Labels: None
Description
Prior to upgrading from 11.2-U7 to 11.3-U1 I was able to ssh to my FreeNAS server as any user in my LDAP and end up in the home directory, or access SMB/CIFS shares, or type something like `cd ~cory`. Now, that is no longer possible. Running `getent passwd` only shows local users, though I don't remember running that before because, well, LDAP users worked.
I notice in the new UI that there is an icon by the alerts icon that shows the current directory services, and that there was a warning icon beside LDAP, but any attempt to fix things results in errors on save.
File 'Screenshot from 2020-03-21 13-39-34.png' shows what happens when I enable encrypt as either 'ON' or 'START_TLS'. With encryption set to 'OFF' the other screenshot occurs.
Trying `ldapsearch -vvvvv -H ldap://ldap.cory.albrecht.name -x -b "dc=cory,dc=albrecht,dc=name" "(uid=cory)"` works, but `ldapsearch -vvvvv -H ldaps://ldap.cory.albrecht.name -x -b "dc=cory,dc=albrecht,dc=name" "(uid=cory)"` does not.
If I put my CA certificate in FreeNAS's /etc/ssl and modify /etc/local/openldap/ldap.conf with TLS_CACERT, then `ldapsearch -vvvvv -H ldaps://ldap.cory.albrecht.name -x -b "dc=cory,dc=albrecht,dc=name" "(uid=cory)"` works.
BTW, didn't SSSD used to be part of FreeNAS, to manage LDAP users? Or am I misremembering things? It doesn't seem to be there now.
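The report above turns on whether the OpenLDAP client configuration names the private CA, so the following added example (not the reporter's or the FreeNAS project's code) audits an ldap.conf-style file for its TLS trust settings. The function names and return codes are hypothetical, and it assumes the last occurrence of an option in the file is the one in effect.

```shell
# Added example: audit an OpenLDAP client ldap.conf for TLS trust settings.
# Hypothetical return codes (not from the ticket):
#   0 = a readable CA file or CA directory is configured
#   1 = no explicit, readable CA configured (a private CA will not be trusted)
#   2 = TLS_REQCERT never/allow, i.e. server certificate checking is weakened

# Print the value of option $2 in file $1. Option names in ldap.conf are
# case-insensitive; commented-out lines (leading '#') never match.
# Assumption: the last occurrence in the file is the effective one.
ldap_conf_value() {
    awk -v key="$2" '
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
        END { if (v != "") print v }
    ' "$1"
}

audit_ldap_tls() {
    conf="$1"
    [ -r "$conf" ] || { echo "cannot read $conf"; return 1; }

    reqcert=$(ldap_conf_value "$conf" TLS_REQCERT | tr 'A-Z' 'a-z')
    cacert=$(ldap_conf_value "$conf" TLS_CACERT)
    cadir=$(ldap_conf_value "$conf" TLS_CACERTDIR)

    # Flag this first: making ldaps:// "work" by turning verification off
    # leaves the connection open to interception.
    case "$reqcert" in
        never|allow)
            echo "TLS_REQCERT $reqcert: server certificate is not enforced"
            return 2 ;;
    esac

    if [ -n "$cacert" ] && [ -r "$cacert" ]; then
        echo "TLS_CACERT $cacert is readable"
        return 0
    fi
    if [ -n "$cadir" ] && [ -d "$cadir" ]; then
        echo "TLS_CACERTDIR $cadir exists"
        return 0
    fi
    echo "no readable TLS_CACERT or TLS_CACERTDIR configured in $conf"
    return 1
}

# Usage: audit_ldap_tls <path to the ldap.conf named in the report>
```

A result of 0 only confirms that a CA is configured and readable; it does not prove that the server's certificate chains to that CA.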