#76 AFP and Active Directory

9.1.0.1
open
nobody
None
1
2013-05-16
2013-02-02
Heath Kehoe
No

AFP doesn't use Active Directory for authentication. This is because by default the uams that are active are the 'passwd' uam modules and not the 'pam' ones, and you need to use the 'pam' uams for afpd to authenticate against AD.

To fix this, I performed the following actions at a root shell:

cd /etc/uams
rm uams_clrtxt.so uams_dhx.so uams_dhx2.so
ln -s uams_dhx2_pam.so uams_dhx2.so
ln -s uams_dhx_pam.so uams_dhx.so
ln -s uams_pam.so uams_clrtxt.so

Then I restarted afpd. After this, AD authentication works.

The 'pam' modules should be the default; or at least the GUI should change the links from the 'passwd' modules to the 'pam' modules when AD is turned on.
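
A check for the state this ticket describes, as an added example that is not part of the original report or of the project's code: it reports whether the three generic UAM names in /etc/uams are symlinks to the 'pam' modules, and flags links whose target file does not exist. The function names and status words are made up for this example, and a module counts as 'pam' only if its file name ends in `_pam.so`, as the names in the ticket do.

```shell
#!/bin/sh
# Added example: audit which backend the generic UAM names resolve to.

# uam_backend FILE -> prints pam | non-pam | dangling | not-a-symlink | missing
uam_backend() {
    link=$1
    if [ ! -L "$link" ]; then
        # Either a real file (a module copied in place) or nothing at all.
        if [ -e "$link" ]; then echo not-a-symlink; else echo missing; fi
        return 0
    fi
    # A symlink whose target is absent: afpd would fail to load this UAM.
    if [ ! -e "$link" ]; then
        echo dangling
        return 0
    fi
    target=$(readlink "$link")
    case "$(basename "$target")" in
        *_pam.so) echo pam ;;
        *)        echo non-pam ;;
    esac
}

# audit_uams [DIR] -> one line per generic UAM name.
# Returns 0 only if all three names are PAM-backed, 1 otherwise.
audit_uams() {
    dir=${1:-/etc/uams}
    rc=0
    for name in uams_clrtxt.so uams_dhx.so uams_dhx2.so; do
        backend=$(uam_backend "$dir/$name")
        printf '%s -> %s\n' "$name" "$backend"
        [ "$backend" = pam ] || rc=1
    done
    return $rc
}
```

Source the file and run `audit_uams` with no argument to check /etc/uams after an upgrade or a GUI change, since either could put the original links back.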

Discussion

  • Rainer
    2013-05-16

    Hi,
    that is a very old problem and has already been reported by me in FreeNAS7. Interestingly, when using the PAM libraries, even the passwd still works properly. I have no idea why this has not been fixed for a long time...

    Cheers
    Rainer

    P.S.: How can you vote something up here???

     
    Last edit: Rainer 2013-05-23