Netgate Discussion Forum

Problems with AD integration

    PedroLana
    last edited by Dec 20, 2017, 5:48 PM Dec 20, 2017, 5:35 PM

    Hi folks, how's it going? I'm using pf2ad to do the integration. It was working initially, and after restarting the VMs it stopped working. I've already tried restarting Samba, but that didn't work.

    Useful information:

    [2.4.2-RELEASE][root@pfSense.marsit.local]/root: net ads info
    LDAP server: 192.168.1.2
    LDAP server name: DC.marsit.local
    Realm: MARSIT.LOCAL
    Bind Path: dc=MARSIT,dc=LOCAL
    LDAP port: 389
    Server time: Wed, 20 Dec 2017 15:10:33 -02
    KDC server: 192.168.1.2
    Server time offset: 5
    Last machine account password change: Wed, 20 Dec 2017 14:51:28 -02

    [2.4.2-RELEASE][root@pfSense.marsit.local]/root: wbinfo -u
    Error looking up domain users

    [2.4.2-RELEASE][root@pfSense.marsit.local]/root: host marsit.local
    marsit.local has address 192.168.1.2

    [2.4.2-RELEASE][root@pfSense.marsit.local]/root: net ads testjoin
    Join is OK

    My smb4.conf:

    workgroup = MARSIT
      security = ADS
      realm = MARSIT.LOCAL
      encrypt passwords = yes

    interfaces = 192.168.1.1

    idmap config *:backend = tdb
      idmap config *:range = 70001-80000
      idmap config MARSIT:backend = ad
      idmap config MARSIT:schema_mode = rfc2307
      idmap config MARSIT:range = 500-40000

    winbind nss info = rfc2307
      winbind trusted domains only = no
      winbind use default domain = yes
      winbind enum users  = yes
      winbind enum groups = yes

    krb5.conf also looks OK to me:

    [libdefaults]
        default_realm = MARSIT.LOCAL
        dns_lookup_realm = true
        dns_lookup_kdc = true
        ticket_lifetime = 24h
        forwardable = yes
    ; for Windows 2008 with AES
        default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
        default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
        permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
    [appdefaults]
        pam = {
            debug = false
            ticket_lifetime = 36000
            renew_lifetime = 36000
            forwardable = true
            krb4_convert = false
        }

    [domain_realm]
        .marsit.local = MARSIT.LOCAL
        marsit.local = MARSIT.LOCAL

    Does anyone have an idea how I can fix this?

      dreivi
      last edited by Dec 21, 2017, 2:57 PM

      From the message, it looks like it is not resolving the DNS name marsit.local. What you can do is put the AD's IP in Services / DNS Resolver, Host Overrides:
      Parent domain    IP to return for the host
      marsit.local     put your AD's IP here

      Run a ping to marsit.local: it has to resolve the IP and get a reply. If it resolves but does not respond, there may be a rule missing. On my servers I always add a rule allowing all traffic with source LAN net and destination LAN net.

        jvicente
        last edited by Dec 22, 2017, 4:25 PM

        Set your AD's DNS server as the primary one in pfSense.
