def clean_ad_gcname(self):
ad_gcname = self.cleaned_data.get('ad_gcname')
ad_gcport = 3268
ad_ssl = self.cleaned_data.get('ad_ssl')
if ad_ssl == 'on':
ad_gcport = 3269
if not ad_gcname:
return None
parts = ad_gcname.split(':')
ad_gcname = parts[0]
if len(parts) > 1 and parts[1].isdigit():
ad_gcport = long(parts[1])
errors = []
try:
ret = FreeNAS_ActiveDirectory.port_is_listening(host=ad_gcname,
port=ad_gcport,
errors=errors)
if ret is False:
raise Exception('Invalid Host/Port: %s' % errors[0])
except Exception as e:
raise forms.ValidationError('%s.' % e)
return self.cleaned_data.get('ad_gcname')
def clean_ad_gcname(self):
ad_gcname = self.cleaned_data.get('ad_gcname')
ad_gcport = 3268
ad_ssl = self.cleaned_data.get('ad_ssl')
if ad_ssl == 'on':
ad_gcport = 3269
if not ad_gcname:
return None
parts = ad_gcname.split(':')
ad_gcname = parts[0]
if len(parts) > 1 and parts[1].isdigit():
ad_gcport = long(parts[1])
errors = []
try:
ret = FreeNAS_ActiveDirectory.port_is_listening(
host=ad_gcname, port=ad_gcport, errors=errors)
if ret is False:
raise Exception('Invalid Host/Port: %s' % errors[0])
except Exception as e:
raise forms.ValidationError('%s.' % e)
return self.cleaned_data.get('ad_gcname')
def clean_ad_gcname(self):
ad_gcname = self.cleaned_data.get('ad_gcname')
ad_gcport = self.get_gcport()
if not ad_gcname:
return None
parts = ad_gcname.split(':')
ad_gcname = parts[0]
errors = []
try:
ret = FreeNAS_ActiveDirectory.port_is_listening(
host=ad_gcname, port=ad_gcport, errors=errors
)
if ret is False:
raise Exception(
'Invalid Host/Port: %s' % errors[0]
)
except Exception as e:
raise forms.ValidationError('%s.' % e)
return self.cleaned_data.get('ad_gcname')
def tryConnect(self, host, port):
max_tries = 3
connected = False
sm_timeout = _fs().middlewared.plugins.service_monitor.socket_timeout
host_list = []
if self.name == 'activedirectory':
for i in range(0, max_tries):
# Make max_tries attempts to get SRV records from DNS
host_list = FreeNAS_ActiveDirectory.get_ldap_servers(host)
if host_list:
break
else:
self.logger.debug(f'[ServiceMonitorThread] Attempt {i} to query SRV records failed')
if not host_list:
self.logger.debug(f'[ServiceMonitorThread] Query for SRV records for {host} failed')
return False
for h in host_list:
port_is_listening = FreeNAS_ActiveDirectory.port_is_listening(str(h.target), h.port, errors=[], timeout=sm_timeout)
if port_is_listening:
return True
else:
self.logger.debug(f'[ServiceMonitorThread] Cannot connect: {h.target}:{h.port}')
connected = False
return connected
else:
self.logger.debug(f'[ServiceMonitorThread] no monitoring has been written for {self.name}')
return False
def clean_ad_gcname(self):
ad_gcname = self.cleaned_data.get('ad_gcname')
ad_gcport = self.get_gcport()
if not ad_gcname:
return None
parts = ad_gcname.split(':')
ad_gcname = parts[0]
errors = []
try:
ret = FreeNAS_ActiveDirectory.port_is_listening(
host=ad_gcname, port=ad_gcport, errors=errors
)
if ret is False:
raise Exception(
'Invalid Host/Port: %s' % errors[0]
)
except Exception as e:
raise forms.ValidationError('%s.' % e)
return self.cleaned_data.get('ad_gcname')
def tryConnect(self, host, port):
max_tries = 3
connected = False
sm_timeout = _fs().middlewared.plugins.service_monitor.socket_timeout
host_list = []
if self.name == 'activedirectory':
for i in range(0, max_tries):
# Make max_tries attempts to get SRV records from DNS
host_list = FreeNAS_ActiveDirectory.get_ldap_servers(host)
if host_list:
break
else:
self.logger.debug(f'[ServiceMonitorThread] Attempt {i} to query SRV records failed')
if not host_list:
self.logger.debug(f'[ServiceMonitorThread] Query for SRV records for {host} failed')
return False
for h in host_list:
port_is_listening = FreeNAS_ActiveDirectory.port_is_listening(str(h.target), h.port, errors=[], timeout=sm_timeout)
if port_is_listening:
return True
else:
self.logger.debug(f'[ServiceMonitorThread] Cannot connect: {h.target}:{h.port}')
connected = False
return connected
else:
self.logger.debug(f'[ServiceMonitorThread] no monitoring has been written for {self.name}')
return False
def check_AD(self, host, port):
"""
Basic health checks to determine whether we can recover the AD service if a disruption occurs.
Current tests:
- Clockskew from DC is not greater than 5 minutes (MIT default). Kerberos has strict time requirements.
This can vary based on the kerberos configuration, and so this may need to be a configurable field.
- DC connectivity. We check this by using DNS to get SRV records for LDAP, and then trying to open a socket
to the LDAP(S) port on each of the LDAP servers in the list.
Future tests:
- Validate service account password
- Verify presence of computer object in DA
"""
connected = False
permitted_clockskew = datetime.timedelta(minutes=5)
sm_timeout = _fs().middlewared.plugins.service_monitor.socket_timeout
host_list = FreeNAS_ActiveDirectory.get_ldap_servers(host, self.config['ad_site'])
if not host_list:
self.alert(self.name, f'{self.name}: {host} not in connectable state. DNS query for SRV records for {host} failed.')
self.logger.debug(f'[ServiceMonitorThread] DNS query for SRV records for {host} failed')
return False
for h in host_list:
port_is_listening = FreeNAS_ActiveDirectory.port_is_listening(str(h.target),
h.port,
errors=[],
timeout=sm_timeout)
if port_is_listening:
clockskew_within_spec = self.validate_time(str(h.target), permitted_clockskew)
if not clockskew_within_spec:
return False
return True
else:
self.logger.debug(f'[ServiceMonitorThread] Cannot connect: {h.target}:{h.port}')
connected = False
if not connected:
self.alert(self.name, f'{self.name}: Unable to contact domain controller for {host}. Domain not in connectable state.')
return connected
