Hello
I am currently playing with AD authentication in FreeNAS 11.2.
Effectively, when trying to connect to a rather big Active Directory (ours contains more than 150000 objects), using "user/group cache" ends up with a failure in AD enablement.
Looking further, this seems to be due to a timeout value in FreeNAS python code, as seen below:
Dec 20 11:47:17 plofnaflr002sas /cachetool.py: [common.freenasldap:408] FreeNAS_LDAP_Directory._search: getting page 130
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] Traceback (most recent call last):
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] File "./freenasUI/directoryservice/forms.py", line 609, in save
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] started = notifier().restart("activedirectory", timeout=timeout)
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] File "./freenasUI/middleware/notifier.py", line 230, in restart
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] **kwargs,
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] File "./freenasUI/middleware/notifier.py", line 230, in restart
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] **kwargs,
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] File "/usr/local/lib/python3.6/site-packages/middlewared/client/client.py", line 447, in call
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] raise CallTimeout("Call timeout")
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] middlewared.client.client.CallTimeout: Call timeout
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12]
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] During handling of the above exception, another exception occurred:
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12]
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] Traceback (most recent call last):
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] File "./freenasUI/api/utils.py", line 251, in dispatch
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] request_type, request, *args, **kwargs
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] File "/usr/local/lib/python3.6/site-packages/tastypie/resources.py", line 482, in dispatch
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] response = method(request, **kwargs)
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] File "./freenasUI/api/utils.py", line 319, in put_list
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] return self.put_detail(request, **kwargs)
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] File "./freenasUI/api/utils.py", line 332, in put_detail
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] updated_bundle = self.obj_update(bundle=bundle, **self.remove_api_resource_names(kwargs))
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] File "/usr/local/lib/python3.6/site-packages/tastypie/resources.py", line 2236, in obj_update
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] return self.save(bundle, skip_errors=skip_errors)
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] File "./freenasUI/api/utils.py", line 415, in save
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] form.save()
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] File "./freenasUI/directoryservice/forms.py", line 612, in save
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] _("Active Directory restart timed out after %d seconds." % timeout),
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] freenasUI.middleware.exceptions.MiddlewareError: [MiddlewareError: Active Directory restart timed out after 180 seconds.]
Dec 20 11:47:19 plofnaflr002sas /cachetool.py: [common.freenasldap:408] FreeNAS_LDAP_Directory._search: getting page 131
...
...
Dec 20 11:47:51 plofnaflr002sas /cachetool.py: [common.freenasldap:408] FreeNAS_LDAP_Directory._search: getting page 154
Dec 20 11:47:52 plofnaflr002sas /cachetool.py: [common.freenasldap:475] FreeNAS_LDAP_Directory._search: 154252 results
If we disable caching, this solves the issue, because FreeNAS is not trying to load the entire AD at this time and so the timeout does not happen.
One workaround I have found is to first enable the service without cache, then go back to it, check the "cache" checkbox and save it. Even if it fails at saving, the service remains enabled and FreeNAS continues building its cache.
Not sure of what could be the cleanest solution. If somebody from the FreeNAS team could comment on this ...
Regards
Philippe
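
An added example (not part of the original post and not FreeNAS code): a Python sketch that reads the cachetool.py "getting page" lines and the timeout message from the log above and estimates whether the full cache enumeration could finish inside the restart timeout. It assumes a constant page rate and that paging began when the restart was issued; the function name `analyse` and the `year` parameter are hypothetical, and the year is only needed because syslog timestamps carry none.

```python
import re
from datetime import datetime

# Log lines copied from the post above (subset relevant to the estimate).
SAMPLE_LOG = """\
Dec 20 11:47:17 plofnaflr002sas /cachetool.py: [common.freenasldap:408] FreeNAS_LDAP_Directory._search: getting page 130
Dec 20 11:47:17 plofnaflr002sas uwsgi: [api.utils:12] freenasUI.middleware.exceptions.MiddlewareError: [MiddlewareError: Active Directory restart timed out after 180 seconds.]
Dec 20 11:47:19 plofnaflr002sas /cachetool.py: [common.freenasldap:408] FreeNAS_LDAP_Directory._search: getting page 131
Dec 20 11:47:51 plofnaflr002sas /cachetool.py: [common.freenasldap:408] FreeNAS_LDAP_Directory._search: getting page 154
Dec 20 11:47:52 plofnaflr002sas /cachetool.py: [common.freenasldap:475] FreeNAS_LDAP_Directory._search: 154252 results
"""

PAGE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s.*_search: getting page (\d+)")
TIMEOUT_RE = re.compile(r"restart timed out after (\d+) seconds")

def analyse(log_text, year=2000):
    """Estimate total paging time from observed page lines (year is arbitrary)."""
    pages, timeout = [], None
    for line in log_text.splitlines():
        m = PAGE_RE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            pages.append((int(m.group(2)), ts))
        t = TIMEOUT_RE.search(line)
        if t:
            timeout = int(t.group(1))
    if len(pages) < 2 or timeout is None:
        raise ValueError("need at least two page lines and one timeout line")
    (first_no, first_ts), (last_no, last_ts) = pages[0], pages[-1]
    if last_no <= first_no:
        raise ValueError("page numbers do not increase")
    # Assumption: the page rate seen in this window holds for the whole search.
    sec_per_page = (last_ts - first_ts).total_seconds() / (last_no - first_no)
    return {
        "timeout_s": timeout,
        "last_page": last_no,
        "sec_per_page": sec_per_page,
        "estimated_total_s": sec_per_page * last_no,
        "exceeds_timeout": sec_per_page * last_no > timeout,
    }

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On the lines in the post this gives roughly 1.4 seconds per page and an estimated 218 seconds for 154 pages, which is longer than the 180-second restart timeout reported in the traceback.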