Link to home
Start Free TrialLog in
Avatar of Tony
Tony

asked on

Freenas link aggregation lacp

Good day I have set up a link aggregation for my freenas but it seems that it disables the active directory services and cannot enable it unless I remove the link aggregation from my managed switch. Any thoughts on this? What kind of extra info you require I order to help you ? Thank you in advance
Avatar of arnold
arnold
Flag of United States of America image

Presumably you used bond to create a bound set of interfaces as well as configure the two ports on the switch to match the mode.

Not sure what exactly you are seeing in the form of errors on the active directory side.

Might you have bound the wrong two switch ports such that one port is Freenas while the other is a different server?

What is the relationship of the FreeNAS to the Directory services? Is your FreeNAS also provides Directory Services, in this case, make sure the interface that it binds openldap, etc. to is bond0 and not ethx or whatever other interface name it might use when not bound.
Avatar of eeRoot
eeRoot

Can you post some screenshots of the switch and freenas lagp config?
To eeroot's point does the freenas lose all ability to communicate over the network?
Avatar of Tony

ASKER

No....I can still log in the web ui....i 'm currently outside... Once I return I'll post some screenshots
Avatar of Tony

ASKER

OK...so here are the screenshots....

1st one is from console
User generated image
2nd and 3rd one is from the UI where in the groups there is no "domain users" group etc...
User generated imageUser generated image
You may have two questions and you posted the wrong data in this one.  This is the network part you posted the AD enumerated users and an its of users that does not shed light on what happens to your FreeNAS network when you enable bound interfaces with the switch LACP.
Avatar of Tony

ASKER

....that is why I'm asking....what do I need to check ? and what more information do you need in order to help you....
To address the question here:
ifconfig -a
do you have a bond0 (bonded interface)
eth0
eth1

and the switch config what mode the switch has the LACP group.


Wbinfo queries the internal system, it could be possible that your UI is not or you are using the limited scope of the UI that only goes an lists the information in the files, while there is a separate Tab for directory/ad users.
Avatar of Tony

ASKER

I have a lagg0 interface...this is how it is shown once you configure it from the freenas UI the switch support up to 8  port trunks with up to 4 ports in each trunk (as shown in the pics below)

User generated image
User generated image
and here is the ifconfig -a screenshot

User generated image
On your server side it shows it is connected, what is the lag config on the switch, is it combined?

Based in your earlier image your question is really why wbinfo -u returns the list of domain users, but your UI interface only reflects locally defined groups.

Run wbinfo -g

Let's refocus what are you looking to resolve in this question.

If the wbinfo when your nics are bound returns the info, the issue might be related to the config/functionality of the UI without really impacting the access to resources, but complicating the management if the shared storage.  

What port were/are you using when not bound? That might be the issue, I.e. You use port 3 for direct, such that the Access to the Ad is hard odes within the config to use port3 and now it is disabled.
Avatar of Tony

ASKER

wbinfo -g returns the groups in the domain successfully. What I want to resolve this the following....

After having gone through all the procedures of setting up FreeNAS, Windows 2008 R2 server and all the network infrastructure, I want to have link aggregation in my FreeNAS in order to stream from different devices and to be able to share data in my network. ..so far so good ?....okies...

The issue is that in my CIFS shares, after I have enabled the link aggregation, there are no domain users/groups shown that I can use for the CIFS shares permissions in order for the domain users to have access.

And I'm trying to figure this out. I have not bound specific port of my switch....also the same ports are used for link aggregation or not.
You need to look at the service to see whether it tries to bind to a port/interface that is not in use.

The log should indicate why the service fails to start.
Avatar of Tony

ASKER

that's the issue...the service starts....if it could not be started then wbinfo could not have shown users or groups....my concern is why the "domain users" group is not appearing in the groups of FreeNAS
I do not believe wbinfo is tied to the service.
Wbinfo relies on the /etc/nsswitch.conf config hosts, passwd, groups.
The GUI is possibly affected by the service.
Avatar of Tony

ASKER

ok....if this is the case, what would be possible for me to do on my side ?
Test first while the service is not running, test wbinfo.
Look at the UI/service to see whether that is where the issue is. Config to usep/specify an interface.
Avatar of Tony

ASKER

did that....it didn't work....maybe i should conclude that it is a bug ?
I am uncertain, whether the initial config has encoded/hardcoded your single interface for use with smb.conf or something else on which the service/interface relies that does not match the functionality of the system itself.
Possibly, is this your initial attempt no data and a reinstall with the setup of aggregated network interface can be started from the get go to see whether it is a bug or a missed config to tell it to use the new interface to access .........
Avatar of Tony

ASKER

No..i have data in the NAS...but noticed something funny...when i used the wizard to setup my AD connection with my DC, the groups appeared properly (from within the wizard only) but this step was to create a new dataset and not to be used with the existing ones....I'll have a further look into it...
ASKER CERTIFIED SOLUTION
Avatar of Tony
Tony

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Tony

ASKER

I accepted my own comment as a solution due to the fact that I've managed to reach to a solution on the specific problem prior to other members, plus it will help other people with the same issue as mine