activedirectory.fill_cache UnicodeDecodeError

[thagino]

I used TrueNAS-12.0–U2.1 to connect to Windows Server 2012 R2 ActiveDirectory.
The output from "wbinfo -u", "wbinfo -g", and "getent passwd" succeeded but does not appear in the ACL permissions list for the dataset.

An error has occurred in Task Manager and the "midclt call core.get_jobs | jq" output is:

Code:

 {
    "id": 203,
    "method": "activedirectory.fill_cache",
    "arguments": [],
    "logs_path": null,
    "logs_excerpt": null,
    "progress": {
      "percent": null,
      "description": null,
      "extra": null
    },
    "result": null,
    "error": "'utf-8' codec can't decode byte 0x8a in position 2872: invalid start byte",
    "exception": "Traceback (most recent call last):\n  File \"/usr/local/lib/python3.8/site-packages/middlewared/job.py\", line 367, in run\n    await self.future\n  File \"/usr/local/lib/python3.8/site-packages/middlewared/job.py\", line 405, in __run_body\n    rv = await self.middleware.run_in_thread(self.method, *([self] + args))\n  File \"/usr/local/lib/python3.8/site-packages/middlewared/utils/run_in_thread.py\", line 10, in run_in_thread\n    return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))\n  File \"/usr/local/lib/python3.8/site-packages/middlewared/utils/io_thread_pool_executor.py\", line 25, in run\n    result = self.fn(*self.args, **self.kwargs)\n  File \"/usr/local/lib/python3.8/site-packages/middlewared/plugins/activedirectory.py\", line 1354, in fill_cache\n    for line in netlist.stdout.decode().splitlines():\nUnicodeDecodeError: 'utf-8' codec can't decode byte 0x8a in position 2872: invalid start byte\n",
    "exc_info": {
      "type": "UnicodeDecodeError",
      "extra": null
    },
    "state": "FAILED",
    "time_started": {
      "$date": 1616637148158
    },
    "time_finished": {
      "$date": 1616637148384
    }
  }

How do I assign an ActiveDirectory ACL to a dataset?

 

[anodos]

I used TrueNAS-12.0–U2.1 to connect to Windows Server 2012 R2 ActiveDirectory.
The output from "wbinfo -u", "wbinfo -g", and "getent passwd" succeeded but does not appear in the ACL permissions list for the dataset.

An error has occurred in Task Manager and the "midclt call core.get_jobs | jq" output is:

Code:

{
    "id": 203,
    "method": "activedirectory.fill_cache",
    "arguments": [],
    "logs_path": null,
    "logs_excerpt": null,
    "progress": {
      "percent": null,
      "description": null,
      "extra": null
    },
    "result": null,
    "error": "'utf-8' codec can't decode byte 0x8a in position 2872: invalid start byte",
    "exception": "Traceback (most recent call last):\n  File \"/usr/local/lib/python3.8/site-packages/middlewared/job.py\", line 367, in run\n    await self.future\n  File \"/usr/local/lib/python3.8/site-packages/middlewared/job.py\", line 405, in __run_body\n    rv = await self.middleware.run_in_thread(self.method, *([self] + args))\n  File \"/usr/local/lib/python3.8/site-packages/middlewared/utils/run_in_thread.py\", line 10, in run_in_thread\n    return await self.loop.run_in_executor(self.run_in_thread_executor, functools.partial(method, *args, **kwargs))\n  File \"/usr/local/lib/python3.8/site-packages/middlewared/utils/io_thread_pool_executor.py\", line 25, in run\n    result = self.fn(*self.args, **self.kwargs)\n  File \"/usr/local/lib/python3.8/site-packages/middlewared/plugins/activedirectory.py\", line 1354, in fill_cache\n    for line in netlist.stdout.decode().splitlines():\nUnicodeDecodeError: 'utf-8' codec can't decode byte 0x8a in position 2872: invalid start byte\n",
    "exc_info": {
      "type": "UnicodeDecodeError",
      "extra": null
    },
    "state": "FAILED",
    "time_started": {
      "$date": 1616637148158
    },
    "time_finished": {
      "$date": 1616637148384
    }
  }

How do I assign an ActiveDirectory ACL to a dataset?

Can you PM me a debug please?

 

[thagino]

When I try to get the debug file, I get an error in the "Dumping Acrive Directory" and the 0 byte file is downloaded.

 

[anodos]

When I try to get the debug file, I get an error in the "Dumping Acrive Directory" and the 0 byte file is downloaded.

View attachment 46147

Okay. Let's start by sending me the output of the following via a private message net cache list.

 

[thagino]

I sent the output file as a private message.

 

[anodos]

https://jira.ixsystems.com/browse/NAS-109959

List of AD users to add to webui is generated from samba's gencache. I switched to using lib/tdb's python bindings to open a copy of gencache.tdb and compare the raw bytes of the tdb entry prefixes to determine whether we're interested in the entry. This avoids the IDMAP/NAME2SID and IDMAP/SID2NAME entries that were failing. The cache list is used because it's persistent across middleware restarts, and in some edge cases with large or poorly-designed AD environments, it allows us to avoid having to generate network traffic to get a list of AD users (though if active cache is turned off, this will only contain users / groups that have recently connected to the server).

 

[thagino]

Thank you for your reply.
I think this will solve the problem.