ActiveDirectory Groups dont show up in Owner dropdown?

[mbalsam]

I've connected freenas 11 to Active Directory windows 2003. (Yes i am ashamed!) Anyway...

When i try to Change Permissions, and select the Owner dropdown, i see lots of linux groups and then a new AD groups from my domain but i dont see all the groups i would expect to see.

I see things like backup admins and cert publishers, all kinds of groups that are useless to provisioning access to users.


Question: What type of groups, and where in the AD schema should they be created so they will showup in the Owners dropedown.

Question: is this the right way to secure FreeNas resources with AD security groups?


This is what i see in debug.log when i click on the owners dropdown.

Thanks for the help!!!

Oct 1 16:10:48 freenas uwsgi: [common.freenasldap:372] FreeNAS_LDAP_Directory._search: basedn = 'CN=Configuration,DC=xxx,DC=net', filter = '(&(objectcategory=crossref)(netbiosname=yyy))'
Oct 1 16:10:48 freenas uwsgi: [common.freenasldap:404] FreeNAS_LDAP_Directory._search: pagesize = 1024
Oct 1 16:10:48 freenas uwsgi: [common.freenasldap:411] FreeNAS_LDAP_Directory._search: getting page 0
Oct 1 16:10:48 freenas uwsgi: [common.freenasldap:478] FreeNAS_LDAP_Directory._search: 2 results
Oct 1 16:10:48 freenas uwsgi: [common.freenasldap:479] FreeNAS_LDAP_Directory._search: leave
Oct 1 16:10:48 freenas uwsgi: [common.freenasldap:2049] FreeNAS_ActiveDirectory_Base.get_domains: leave
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:525] FreeNAS_GroupCache.__new__: enter
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:487] FreeNAS_Directory_LocalGroupCache.__new__: enter
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:294] FreeNAS_ActiveDirectory_LocalGroupCache.__init__: enter
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:89] FreeNAS_BaseCache._init__: enter
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:110] FreeNAS_BaseCache._init__: cachedir = /var/tmp/.cache/.ldap/.activedirectory/.local/.groups/yyyy
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:113] FreeNAS_BaseCache._init__: cachefile = /var/tmp/.cache/.ldap/.activedirectory/.local/.groups/yyyy/.cache.db
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:115] FreeNAS_BaseCache._init__: leave
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:302] FreeNAS_ActiveDirectory_LocalGroupCache.__init__: leave
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:502] FreeNAS_Directory_LocalGroupCache.__new__: leave
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:536] FreeNAS_GroupCache.__new__: leave
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:445] FreeNAS_Directory_GroupCache.__new__: enter
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:268] FreeNAS_ActiveDirectory_GroupCache.__init__: enter
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:89] FreeNAS_BaseCache._init__: enter
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:110] FreeNAS_BaseCache._init__: cachedir = /var/tmp/.cache/.ldap/.activedirectory/.groups/yyy
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:113] FreeNAS_BaseCache._init__: cachefile = /var/tmp/.cache/.ldap/.activedirectory/.groups/yyy/.cache.db
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:115] FreeNAS_BaseCache._init__: leave
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:276] FreeNAS_ActiveDirectory_GroupCache.__init__: leave
Oct 1 16:10:48 freenas uwsgi: [common.frenascache:460] FreeNAS_Directory_GroupCache.__new__: leave
Oct 1 16:10:48 freenas uwsgi: [common.freenasldap:2955] FreeNAS_ActiveDirectory_Groups.__get_groups: enter
Oct 1 16:10:48 freenas uwsgi: [common.freenasldap:1151] FreeNAS_ActiveDirectory_Base.get_SRV_records: looking up SRV records for _ldap._tcp.dc._msdcs.commondesk.net
Oct 1 16:10:48 freenas uwsgi: [common.freenasldap:3000] FreeNAS_ActiveDirectory_Groups.__get_groups: AD [yyy] groups in cache
Oct 1 16:10:48 freenas uwsgi: [common.freenasldap:3046] FreeNAS_ActiveDirectory_Groups.__get_groups: leave
Oct 1 16:10:48 freenas uwsgi: [common.freenasldap:2906] FreeNAS_ActiveDirectory_Groups.__init__: leave

 

[dlavigne]

If you start to type in the name of the user/group you are looking for does it appear?

 

[mbalsam]

Yes, but it is not obvious... Thanks

 

[Ericloewe]

Am I imagining things or was there supposed to be a new note in the GUI about this unintuitive detail? I vaguely remember a ticket for that.