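def tryConnect(self, host, port):
    """Return True if any LDAP server advertised for ``host`` accepts a TCP connection.

    Only the ``activedirectory`` monitor is implemented; for any other
    ``self.name`` the method logs that fact and returns False.

    Args:
        host: AD domain name whose LDAP SRV records are queried.
        port: Accepted for interface compatibility but not used -- each
            candidate is probed on the port carried in its own SRV record.

    Returns:
        True as soon as one server's LDAP port is listening; False when the
        SRV lookup fails after ``max_tries`` attempts or no server answers.
    """
    if self.name != 'activedirectory':
        self.logger.debug(f'[ServiceMonitorThread] no monitoring has been written for {self.name}')
        return False

    max_tries = 3
    # The socket timeout is taken from the service_monitor plugin config so
    # an unresponsive DC cannot stall the monitor thread indefinitely.
    sm_timeout = _fs().middlewared.plugins.service_monitor.socket_timeout

    host_list = []
    # DNS may be flaky during the very disruption we are monitoring for, so
    # the SRV lookup is retried a bounded number of times.
    for attempt in range(max_tries):
        host_list = FreeNAS_ActiveDirectory.get_ldap_servers(host)
        if host_list:
            break
        self.logger.debug(f'[ServiceMonitorThread] Attempt {attempt} to query SRV records failed')

    if not host_list:
        self.logger.debug(f'[ServiceMonitorThread] Query for SRV records for {host} failed')
        return False

    for srv in host_list:
        # errors=[] hands the helper a scratch list that is never inspected
        # here; only the boolean verdict matters for this probe.
        if FreeNAS_ActiveDirectory.port_is_listening(str(srv.target), srv.port, errors=[], timeout=sm_timeout):
            return True
        self.logger.debug(f'[ServiceMonitorThread] Cannot connect: {srv.target}:{srv.port}')

    # Every advertised server was probed and none accepted a connection.
    return False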
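def check_AD(self, host, port, *, permitted_clockskew=None):
    """Run basic health checks to decide whether the AD service is recoverable.

    Current tests:
      - Clock skew from the DC is not greater than ``permitted_clockskew``
        (5 minutes, the MIT default, when not given). Kerberos has strict
        time requirements; the tolerance can vary with the kerberos
        configuration, which is why it is exposed as a keyword argument.
      - DC connectivity. DNS is queried for the LDAP SRV records of the
        configured AD site, then a socket is opened to the LDAP(S) port of
        each advertised server in turn.

    Future tests:
      - Validate service account password
      - Verify presence of computer object in DA

    Args:
        host: AD domain name whose LDAP SRV records are queried.
        port: Accepted for interface compatibility but not used -- each
            server is probed on the port carried in its SRV record.
        permitted_clockskew: Maximum tolerated ``datetime.timedelta`` between
            the local clock and the DC; defaults to 5 minutes.

    Returns:
        True when a DC is reachable and the clock skew is within tolerance,
        otherwise False. An alert is raised when the SRV lookup fails or no
        DC accepts a connection.
    """
    if permitted_clockskew is None:
        permitted_clockskew = datetime.timedelta(minutes=5)
    # Bounded socket timeout from the plugin config so a dead DC cannot
    # hang the monitor thread.
    sm_timeout = _fs().middlewared.plugins.service_monitor.socket_timeout

    host_list = FreeNAS_ActiveDirectory.get_ldap_servers(host, self.config['ad_site'])
    if not host_list:
        self.alert(self.name, f'{self.name}: {host} not in connectable state. DNS query for SRV records for {host} failed.')
        self.logger.debug(f'[ServiceMonitorThread] DNS query for SRV records for {host} failed')
        return False

    for srv in host_list:
        if not FreeNAS_ActiveDirectory.port_is_listening(str(srv.target), srv.port, errors=[], timeout=sm_timeout):
            self.logger.debug(f'[ServiceMonitorThread] Cannot connect: {srv.target}:{srv.port}')
            continue
        # The first reachable DC decides the verdict: the skew check compares
        # the local clock against that DC, and a failed check returns False
        # without an alert here -- NOTE(review): presumably validate_time
        # raises its own alert; confirm.
        if not self.validate_time(str(srv.target), permitted_clockskew):
            return False
        return True

    # Every advertised DC was probed and none accepted a connection.
    self.alert(self.name, f'{self.name}: Unable to contact domain controller for {host}. Domain not in connectable state.')
    return False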