Netgate Discussion Forum

    Problems with AD integration

    • PedroLana

      Hi everyone, how's it going? I'm using pf2ad to do the integration. It was working initially, and after restarting the VMs it stopped working. I've already tried restarting Samba, but that didn't work.

      Useful information:

      [2.4.2-RELEASE][root@pfSense.marsit.local]/root: net ads info
      LDAP server: 192.168.1.2
      LDAP server name: DC.marsit.local
      Realm: MARSIT.LOCAL
      Bind Path: dc=MARSIT,dc=LOCAL
      LDAP port: 389
      Server time: Wed, 20 Dec 2017 15:10:33 -02
      KDC server: 192.168.1.2
      Server time offset: 5
      Last machine account password change: Wed, 20 Dec 2017 14:51:28 -02

      [2.4.2-RELEASE][root@pfSense.marsit.local]/root: wbinfo -u
      Error looking up domain users

      [2.4.2-RELEASE][root@pfSense.marsit.local]/root: host marsit.local
      marsit.local has address 192.168.1.2

      [2.4.2-RELEASE][root@pfSense.marsit.local]/root: net ads testjoin
      Join is OK

      My smb4.conf:

      workgroup = MARSIT
      security = ADS
      realm = MARSIT.LOCAL
      encrypt passwords = yes

      interfaces = 192.168.1.1

      idmap config *:backend = tdb
      idmap config *:range = 70001-80000
      idmap config MARSIT:backend = ad
      idmap config MARSIT:schema_mode = rfc2307
      idmap config MARSIT:range = 500-40000

      winbind nss info = rfc2307
      winbind trusted domains only = no
      winbind use default domain = yes
      winbind enum users  = yes
      winbind enum groups = yes

      krb5.conf also looks OK to me:

      [libdefaults]
          default_realm = MARSIT.LOCAL
          dns_lookup_realm = true
          dns_lookup_kdc = true
          ticket_lifetime = 24h
          forwardable = yes
      ; for Windows 2008 with AES
          default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
          default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
          permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
      [appdefaults]
          pam = {
              debug = false
              ticket_lifetime = 36000
              renew_lifetime = 36000
              forwardable = true
              krb4_convert = false
          }

      [domain_realm]
          .marsit.local = MARSIT.LOCAL
          marsit.local = MARSIT.LOCAL

      Does anyone have an idea how I can fix this?

      • dreivi

        From the message, it looks like it isn't resolving the DNS name marsit.local. What you can do is put the AD's IP in Services / DNS Resolver, Host Overrides:

        Parent domain    IP to return for a server
        marsit.local     put your AD's IP here

        Run a ping to marsit.local: it has to resolve the IP and get a reply. If it resolves but doesn't reply, there may be a rule missing. On my servers I always add a rule allowing all traffic from source LAN net to destination LAN net.

        • jvicente

          Set your AD's DNS as the primary DNS server in pfSense.

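The DNS checks both replies point at, as an added example that is not part of the original thread: a POSIX sh script that verifies the domain's A record and the `_ldap._tcp` / `_kerberos._tcp` SRV records AD clients use to locate domain controllers and KDCs (the krb5.conf above sets `dns_lookup_kdc = true`). Function names are hypothetical, the SRV sample line is constructed, and 192.168.1.2 is the AD address from the first post.

```shell
#!/bin/sh
# Added example (not from the thread). Usage: sh check_ad_dns.sh marsit.local 192.168.1.2
# SAMPLE_A matches the `host` output in the first post; SAMPLE_SRV is constructed.
SAMPLE_A='marsit.local has address 192.168.1.2'
SAMPLE_SRV='_ldap._tcp.marsit.local has SRV record 0 100 389 dc.marsit.local.'

# Read `host NAME` output on stdin; succeed only if an A record equals $1.
has_address() {
    awk -v ip="$1" '/ has address / { if ($NF == ip) ok = 1 } END { exit !ok }'
}

# Read `host -t SRV NAME` output on stdin; print "target port" for each record.
srv_targets() {
    awk '/ has SRV record / { t = $NF; sub(/\.$/, "", t); print t, $(NF-1) }'
}

# Live check: the domain's A record, then the SRV records and their targets.
check_ad_dns() {
    domain=$1 dc_ip=$2 rc=0
    host "$domain" | has_address "$dc_ip" || { echo "FAIL A $domain"; rc=1; }
    for name in "_ldap._tcp.$domain" "_kerberos._tcp.$domain"; do
        targets=$(host -t SRV "$name" | srv_targets)
        # An empty answer means the resolver in use does not see the AD zone.
        [ -n "$targets" ] || { echo "FAIL SRV $name"; rc=1; continue; }
        echo "$targets" | while read -r target port; do
            # A domain may have several DCs, so a different address is a warning.
            host "$target" | has_address "$dc_ip" \
                && echo "OK   $name -> $target:$port" \
                || echo "WARN $name -> $target does not resolve to $dc_ip"
        done
    done
    return $rc
}

if [ "$#" -ge 2 ]; then
    check_ad_dns "$1" "$2"
else
    # No arguments: run the SRV parser over the constructed sample only.
    printf '%s\n' "$SAMPLE_SRV" | srv_targets
fi
```

A failing SRV lookup while the plain A record still resolves indicates the resolver answers for the host name but does not forward queries for the AD zone.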