9.1.0 RC1 Active Directory and CIFS

Status
Not open for further replies.

Ytsejamer1

Dabbler
Joined
May 28, 2013
Messages
28
Hey all,

I've been messing around with the 9.1 releases from Alpha, Beta, and now finally RC1 as I try and breathe some life into my old Thumper box. I'm having a couple of issues that I've been able to work around, but am hoping to find some better information. I don't necessarily want to open a defect ticket on it unless I've exhausted all my options and checked with the forum members here. Hopefully someone can shed some light on it.

I've got my system on my Active Directory domain. If I run a wbinfo -u or -g, I see all the users or groups respectively. wbinfo -t indicates a successful test connection against AD.

I set up a ZFS datastore in the GUI. When I go to change users, I only have a list of 50 users to choose from (the local users and maybe 20 Active Directory users listed starting with the letter 'a'). If I start typing a name for owner (user), using my username (starts with the letter 'a'), I can select any name, up to the 50 users I'm seeing in the drop-down. If I try typing a name for someone with the letter 'c', the names do NOT come up. So the problem seems to be the length of the drop-down list OR the number of users available to the drop-down list in the GUI.

Update: I've found that after turning on verbose logging (suggested from another thread below), I can start typing owner user usernames in and 50 options will show in the drop-down. If I continue to hone in on the username, it'll find it via the drop-down. Unfortunately the groups will still not populate in the owner group drop-down. If I leave the owner group field blank and pull the drop-down, I'll see the local groups and a few seemingly random AD groups.

The next problem is that even if I select a user from that list and hit apply, the permission change doesn't stick. Everything goes back to root and wheel with default permissions. The only setting that sticks in the change permissions window is the Unix or Windows permission option.

My workaround was setting the permissions via command line:
> chown "DOMAIN.COM\myusername":"DOMAIN.COM\domain admins" /mnt/pool-0/cifs0
Then:
> chmod 770 /mnt/pool-0/cifs0

Update: The only way to get owner (user) or owner (group) settings to stick is if the ACL type is Unix before you change it over to Windows. If you changed it over to Windows ACL type before, you have to change it back if you want to be able to have the GUI be able to save your owner (user) and owner (group) fields. As a side note, the owner (group) field will STILL NOT populate with my AD groups when I start typing them in. That still has to be set via CLI as mentioned above.

If I made the owner (user) another account and my AD account is in the domain admins group (as set in the owner (group)), I still wasn't able to change any permissions on the share via Windows. My account HAD to be owner (user). Is that to be expected when owner (user) and owner (group) have the same level of permissions - owner (user) permission supersedes that of owner (group)?

Does anyone have any advice or thoughts on the issue?
My hardware is a Sun x4500 (dual Opteron 285/dual core) with 16GB RAM, 45 x 500GB SATA II disks; 2 x 128GB Samsung 840 Pro SSD (mirror log); 1 x 256GB Samsung 840 Pro SSD (cache). My zpool is 4 vdevs x 10 disks per vdev with five spare disks. My Active Directory is about 1500 users in the root domain, two subdomains with a few service accounts, 99.5 (or so) servers in forest root including this FreeNAS box.
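
The command-line workaround from the post above, wrapped in a check that the AD names resolve before the change and that the owner, group and mode are actually in place afterwards (useful for spotting a share that has gone back to root and wheel). This is an added example, not part of the original post; it assumes winbind is configured in NSS so that id and getent resolve AD names, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes winbind is wired into
# NSS so that id(1) and getent(1) can resolve AD users and groups.

# Print "uid:gid" for an owner/group pair; return 2 if either name does not resolve.
resolve_ids() {
    r_uid=$(id -u "$1" 2>/dev/null) || return 2
    r_gid=$(getent group "$2" | cut -d: -f3)
    [ -n "$r_gid" ] || return 2
    printf '%s:%s\n' "$r_uid" "$r_gid"
}

# Succeed only if the path is a directory owned by OWNER:GROUP with mode 770.
# Numeric ids from `ls -ldn` avoid parsing names that contain spaces
# (for example "domain admins"); substr() drops any trailing ACL marker.
check_share_owner() {
    c_want=$(resolve_ids "$2" "$3") || { echo "cannot resolve $2 / $3" >&2; return 2; }
    c_got=$(ls -ldn "$1" | awk '{print $3 ":" $4 ":" substr($1, 1, 10)}')
    [ "$c_got" = "$c_want:drwxrwx---" ] && return 0
    echo "$1: have $c_got, want $c_want:drwxrwx---" >&2
    return 1
}

# Apply the chown/chmod workaround from the post, then confirm it took effect.
set_share_owner() {
    resolve_ids "$2" "$3" >/dev/null || { echo "cannot resolve $2 / $3" >&2; return 2; }
    chown "$2:$3" "$1" || return 1
    chmod 770 "$1" || return 1
    check_share_owner "$1" "$2" "$3"
}

# Usage, with the path and names as written in the post:
#   set_share_owner   /mnt/pool-0/cifs0 'DOMAIN.COM\myusername' 'DOMAIN.COM\domain admins'
#   check_share_owner /mnt/pool-0/cifs0 'DOMAIN.COM\myusername' 'DOMAIN.COM\domain admins'
```

Running check_share_owner again after any GUI permission change shows whether the ownership survived; exit status 2 means the name lookup failed rather than the ownership being wrong.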
 

Ytsejamer1

Dabbler
Joined
May 28, 2013
Messages
28
It seems like we all (at least in this sub-forum) have similar issues when it comes to setting permissions through the GUI and how it interacts with AD. CLI works without issue, GUI is a mixed bag. I opened ticket #2407 on it.
 

Adi

Cadet
Joined
Sep 17, 2013
Messages
5
I have the exact same problem. After a lot of unbinding/binding and other fiddling with permissions, I am able to see the full list of AD groups in the GUI. I am still however unable to apply group permissions even with groups that don't have a space in their name.

I don't know how to use the command line so I'm just happy that I can access my data for the time being. I will probably restart from scratch once I back up the data.

Adi
 