Feature #2147

FreeIPA v3 + FreeNAS w/CIFS?

Added by Joshua - almost 5 years ago. Updated 8 months ago.

Closed: Not To Be Fixed
No priority
Erin Clark
Target version:
Start date:
Due date:
% Done:


Estimated time:
Backlog Priority:
Reason for Closing:
Reason for Blocked:
Needs QA:
Needs Doc:
Needs Merging:
Needs Automation:
Hardware Configuration:
QA Status:
Not Tested



I administer an environment in which I use [[FreeIPA]] v3 (aka Red Hat Identity Management) as my SSO solution. While most of my hosts are Linux, a few are Windows and Mac. I'm hoping to configure [[FreeNAS]] to authenticate CIFS to the LDAP + Kerberos exposed by [[FreeIPA]], preferably without modifying the LDAP structure.

Here is some documentation from their side:

Please consider this a feature and/or documentation request on how to authenticate [[FreeNAS]] (with CIFS) to [[FreeIPA]] v3.



#1 Updated by John Hixson over 4 years ago

  • Priority changed from Important to No priority

#2 Updated by John Hixson over 4 years ago

  • Status changed from Unscreened to Investigation

#3 Updated by John Hixson over 4 years ago

I am able to successfully configure FreeNAS to FreeIPA using the LDAP service. I am still working on getting CIFS authentication to work against FreeIPA. I will post an update once I am able to do so.

#4 Updated by John Hixson over 4 years ago

  • Target version set to 48

This mostly works, just need kerberos auth to work. I've brought in sssd, which supports freeipa out of the box. Next major release will have this working.

#5 Updated by Jordan Hubbard almost 4 years ago

  • Target version changed from 48 to 9.3-BETA

#6 Updated by John Hixson over 3 years ago

  • Target version changed from 9.3-BETA to 49

So, now that we have SSSD in FreeNAS, I attempted to get this working. It can indeed work when specifying the provider to be ldap, however, to work using the ipa provider... requires much more work ;-) I grabbed the freeipa source code to see how far I could get to port the client software to FreeBSD, and discovered that there is some work that needs to be done ;-). I actually got fairly far, until I hit the kerberos stuff. Linux uses MIT kerberos and we use Hiemdal, and that's.. where I called it a day. This is still on my to-do list and I would like to eventually get this working, but for now, I must put it off and into the future ;-)

#7 Updated by Chris Tobey over 2 years ago

Any update on this? I am also interested in using my FreeIPA central authentication for my FreeNAS server.

#8 Updated by Jordan Hubbard about 2 years ago

Possible calsoft candidate

#9 Updated by Jordan Hubbard about 2 years ago

  • Assignee changed from John Hixson to Wojciech Kloska

#10 Updated by Wojciech Kloska about 2 years ago

  • Assignee changed from Wojciech Kloska to Erin Clark

#12 Updated by Anonymous almost 2 years ago

  • File FreeIPA.pdf added

I could configure FreeIPA client on FreeBSD 9.3, added it as a host on the freeIPA server(CentOS6). Currently working on adding FreeNAS as host on the FreeIPA server, but I'm getting error mentioned below:
Poudriere jail creation fails with following error: "Unable to execute id(1) in jail. Emulation or ABI wrong"
Also documented procedure followed. Please find the document attached, contains details about FreeIPA setup, configuration and issues faced.
Please suggest how to proceed further.

#13 Updated by Israel Brewster over 1 year ago

We just finished setting up a FreeIPA server on CentOS 7 for our organization, and are very interested in seeing this happen so there is some way to use that FreeIPA server to authenticate to our CIFS shares on our FreeNAS boxes. Is there any update on getting this working with FreeNAS? I scanned over the FreeIPA.pdf, but I'm not sure how much that applies to FreeNAS installations specifically vs FreeBSD installations in general.

#14 Updated by Vaibhav Chauhan over 1 year ago

BRB: any updates on this ticket ?

#15 Avatar?id=14398&size=24x24 Updated by Kris Moore over 1 year ago

  • Status changed from Investigation to Closed: Not To Be Fixed

While I would like to see this land at some point, we just keep having higher priority items pop up. Closing for now.

#16 Avatar?id=14398&size=24x24 Updated by Kris Moore 8 months ago

  • Target version changed from 49 to N/A

#17 Updated by Dru Lavigne 17 days ago

  • File deleted (FreeIPA.pdf)

Also available in: Atom PDF