AD Integration

[jevonm]

Hey Guys,

I'm new to the community. I have just setup free nas and synced it to my AD but not all the user accounts and groups are displayed when I check under permissions. Any ideas how to resolve this?

 

[justsomeguy]

Coincidentally, I stopped by the FreeNAS support site (for the first time) today since I'm also having this issue. I'm trying to do a PoC run with a FreeNAS VM before we buy an M50. But I've been struggling with getting permissions to work. I can join the domain and using the shell I can run "wbinfo -g" to see at least a handful of groups available. Can also search for a specific group from the shell. However, I can't see anything from the dropdown menu when attempting to set permissions. I've seen suggestions all over the place on this issue.

 

[anodos]

Coincidentally, I stopped by the FreeNAS support site (for the first time) today since I'm also having this issue. I'm trying to do a PoC run with a FreeNAS VM before we buy an M50. But I've been struggling with getting permissions to work. I can join the domain and using the shell I can run "wbinfo -g" to see at least a handful of groups available. Can also search for a specific group from the shell. However, I can't see anything from the dropdown menu when attempting to set permissions. I've seen suggestions all over the place on this issue.

Can you PM me a debug from your VM (system->advanced->save debug)? I can take a look and get you sorted out.

 

[justsomeguy]

Can you PM me a debug from your VM (system->advanced->save debug)? I can take a look and get you sorted out.

I really appreciate the offer. However, it looks like there's a lot of information in the debug, much of which I can't share (user accounts and such) since I'm testing this in our production environment. We generally have to have a BAA or something in place for that.

With that said, I'm looking through the debug information to see if anything stands out. I've also started reading your SMB permissions overview which is pretty great! Thank you for that too!

Also, it looks like we have about 80,000 user accounts on the domain, so that likely has something to do with it...

 

[anodos]

I really appreciate the offer. However, it looks like there's a lot of information in the debug, much of which I can't share (user accounts and such) since I'm testing this in our production environment. We generally have to have a BAA or something in place for that.

No problem. I sent you a private message with some instructions to help with the particular problem you're seeing. You can feel free to ask questions there that way I won't lose it in the shuffle.

With that said, I'm looking through the debug information to see if anything stands out. I've also started reading your SMB permissions overview which is pretty great! Thank you for that too!

No problem. I really need to update that resource. Let me know if you run into any particular issues during testing. The ACL implementation is logical, but sometimes counter-intuitive. For the most part they behave like NTFS ACLs.

Also, it looks like we have about 80,000 user accounts on the domain, so that likely has something to do with it...

That primarily means that it will take some time to build out the initial cache (this task is backgrounded and may take several - or more- minutes).