Pf2ad - unable to find domain
-
Hi to all,
i've a little problem with my test lab.
I've installed a fresh PF 2.3.4 on a different network from the Active Directory, and after installing pf2ad I want to test some things, like authentication via proxy and smb... So the pfSense can't join the domain, I don't understand why. Here is my configuration:

DNS1 is the first domain controller
DNS2 is the second domain controller

Here is the smb.cfg:

[global]
workgroup = DOMAIN
security = ADS
realm = COMPANY.COM
encrypt passwords = yes
interfaces = 192.168.1.1
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 500-40000
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = no
winbind enum groups = no

When I invoke:

net rpc getsid
Unable to find a suitable server for domain DOMAIN

but if I insert the main domain controller the result is:

net rpc getsid -S 192.168.20.20
Storing SID S-1-5-21-220400000-3129000000-51000000 for Domain DOMAIN in secrets.tdb

How can I configure smb.cfg to join AD?
Thanks in advance.
Regards
-
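As an added example (not from the thread, the pf2ad package or Samba itself), here is a small static checker for the kind of [global] section posted above. It parses smb.conf into a dictionary and reports the settings that most often stop an AD member from joining: security not ADS, realm missing or not upper case, workgroup missing, idmap ranges that are malformed, overlap between domains, lack a backend, or start inside the local account space. The sample input is a constructed copy of the poster's security and idmap settings; the assumption that local accounts live below UID/GID 1000 (`local_id_ceiling`) is the example's own. It does not contact a DC, so it cannot diagnose the "Unable to find a suitable server" message itself.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed copy of the security and idmap settings posted above,
# used only as sample input for the checker.
SAMPLE_SMB_CONF = """\
[global]
workgroup = DOMAIN
security = ADS
realm = COMPANY.COM
encrypt passwords = yes
interfaces = 192.168.1.1
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 500-40000
winbind nss info = rfc2307
winbind use default domain = yes
"""

Finding = Tuple[str, str]  # (severity, message)


def parse_smb_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Parse smb.conf text into {section: {key: value}}.
    Samba parameter names are case- and whitespace-insensitive, so keys are
    lower-cased with whitespace collapsed; values keep their case."""
    sections: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank or comment line
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        key = re.sub(r"\s+", " ", key.strip().lower())
        sections[current][key] = value.strip()
    return sections


def parse_range(value: str) -> Optional[Tuple[int, int]]:
    """'500-40000' -> (500, 40000); None when the value is not LOW-HIGH."""
    m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


def check_ad_config(conf: Dict[str, Dict[str, str]], local_id_ceiling: int = 1000) -> List[Finding]:
    """Return (severity, message) findings for an AD member smb.conf.
    local_id_ceiling is an assumption of this example: local system accounts
    are taken to live below it, so an idmap range starting under it is warned about."""
    g = conf.get("global", {})
    findings: List[Finding] = []
    security, realm, workgroup = g.get("security", ""), g.get("realm", ""), g.get("workgroup", "")

    if security.lower() != "ads":
        findings.append(("ERROR", f"security = {security or '(unset)'}; an AD member needs security = ADS"))
    if not realm:
        findings.append(("ERROR", "realm is unset; set it to the AD DNS domain in upper case"))
    elif realm != realm.upper():
        findings.append(("WARN", f"realm {realm!r} should be upper case (it is the Kerberos realm)"))
    if not workgroup:
        findings.append(("ERROR", "workgroup is unset; set it to the short (NetBIOS) domain name"))

    # Collect 'idmap config <dom>:range' entries and validate each on its own.
    ranges: Dict[str, Tuple[int, int]] = {}
    for key, value in g.items():
        m = re.fullmatch(r"idmap config (.+):range", key)
        if not m:
            continue
        dom, rng = m.group(1), parse_range(value)
        if rng is None or rng[0] >= rng[1]:
            findings.append(("ERROR", f"idmap range for {dom!r} is not LOW-HIGH with LOW < HIGH: {value!r}"))
            continue
        if rng[0] < local_id_ceiling:
            findings.append(("WARN", f"idmap range for {dom!r} starts at {rng[0]}, below {local_id_ceiling}; may collide with local accounts"))
        if f"idmap config {dom}:backend" not in g:
            findings.append(("ERROR", f"idmap config {dom}:range is set but there is no matching :backend"))
        ranges[dom] = rng

    # Ranges of different domains must not overlap, or SID-to-ID mapping is ambiguous.
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                findings.append(("ERROR", f"idmap ranges for {a!r} and {b!r} overlap"))

    if "*" not in ranges:
        findings.append(("ERROR", "no default ('*') idmap range; winbind needs it for BUILTIN and unknown SIDs"))
    if workgroup and workgroup.lower() not in ranges:
        findings.append(("WARN", f"no idmap range for the member domain {workgroup!r}; the '*' backend will be used"))
    if "password server" not in g:
        findings.append(("INFO", "password server is unset, so the DC is located via DNS SRV records for the realm; the host's resolver must answer for it"))
    return findings


if __name__ == "__main__":
    for severity, message in check_ad_config(parse_smb_conf(SAMPLE_SMB_CONF)):
        print(f"{severity}: {message}")
```

Run against the posted settings it reports no errors, only a warning that the DOMAIN range starts at 500 and the informational note that, with no `password server`, Samba finds the DC through DNS SRV lookups for the realm. That last point is what separates the two `net` invocations in the post: with `-S 192.168.20.20` no discovery is needed, without it the host's resolver has to answer for COMPANY.COM, which is the question the later reply about pfSense's own resolver is getting at.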
Check with the package author. I would strongly advise against using pf2ad as it is inherently insecure. Having SAMBA on the firewall is not recommended.
-
Check with the package author. I would strongly advise against using pf2ad as it is inherently insecure. Having SAMBA on the firewall is not recommended.

Yes I know, but it is an internal firewall and the usage is for proxy web requests.
I think it is not a package problem, but a samba problem.
-
You sure do not need to join the domain to auth a user to AD. I agree with ivor here, putting samba on your firewall is not a very good idea!

DNS1 is the first domain controller
DNS2 is the second domain controller

dns1 and 2 where? Why would pfsense use those - out of the box pfsense would point to itself and use the resolver (unbound). So putting dns anywhere in pfsense is pretty pointless.