
AD users and groups not available when configuring basic dataset permissions or an Access Control List (ACL)


Ico747

Member
Joined
Jan 5, 2012
Messages
36
Our TrueNAS 12.0-U2 successfully joined our local domain with Windows Server 2008 R2.
wbinfo -u and wbinfo -g give the list of users and groups from our local domain.
Unfortunately, users and groups are not available when configuring dataset permissions or ACL.
For dataset permissions:
Error: [EINVAL] pool_dataset_permission.user: "getpwnam(): name not found: 'user'" [EINVAL] pool_dataset_permission.group: "getgrnam(): name not found: 'group'"
For dataset permission ACL:
Updating Dataset ACL
Error: [uid] Not an integer
 

anodos

Sambassador
iXsystems
Joined
Mar 6, 2014
Messages
7,215
wbinfo -u and wbinfo -g basically have winbindd list users and groups in the AD domain. It shows that our computer account has a trust relationship with the AD domain and can get at user and group info. It does not necessarily mean that nss is working correctly. What is the output of cat /etc/nsswitch.conf and testparm -s?
 

Ico747

Member
Joined
Jan 5, 2012
Messages
36
Thank you for the answer! Below are the outputs you asked for.

cat /etc/nsswitch.conf
#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD$
#
group: files winbind
hosts: files dns
networks: files
passwd: files winbind
shells: files
services: files
protocols: files
rpc: files
sudoers: files

testparm -s
Load smb config files from /usr/local/etc/smb4.conf
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
# Global parameters
[global]
aio max threads = 2
allow trusted domains = No
bind interfaces only = Yes
client ldap sasl wrapping = seal
disable spoolss = Yes
dns proxy = No
domain master = No
enable web service discovery = Yes
interfaces = 127.0.0.1 192.168.100.252
kerberos method = secrets and keytab
kernel change notify = No
load printers = No
local master = No
logging = file
map to guest = Bad User
max log size = 5120
netbios aliases = NAS
nsupdate command = /usr/local/bin/samba-nsupdate -g
preferred master = No
realm = FPLA.LOCAL
registry shares = Yes
security = ADS
server role = member server
server string = FreeNAS Server
socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
template shell = /bin/sh
unix extensions = No
winbind cache time = 7200
winbind enum groups = Yes
winbind enum users = Yes
winbind max domain connections = 10
winbind use default domain = Yes
workgroup = FPLA
idmap config *: range = 90000001-100000000
idmap config fpla: range = 20000-20000000
idmap config fpla: backend = rid
idmap config * : backend = tdb
create mask = 0666
directory mask = 0777
directory name cache size = 0
dos filemode = Yes
ea support = No
map acl inherit = Yes
map archive = No
store dos attributes = No
vfs objects = acl_xattr

[NDisk]
create mask = 0770
directory mask = 0770
force create mode = 0770
force directory mode = 0770
force group = FPLA\fpla
guest ok = Yes
invalid users = nobody nobody
path = /mnt/volume_A/NDisk
read list = nobody nobody
read only = No
valid users = @FPLA\fpla FPLA\Administrator FPLA\Senn
vfs objects = zfs_space zfsacl streams_xattr
write list = @FPLA\fpla FPLA\Administrator FPLA\Senn
nfs4:chown = true
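
The distinction drawn earlier in the thread (winbindd can enumerate AD accounts, yet NSS may still fail to resolve them) can be checked directly with the same getpwnam()/getgrnam() calls that appear in the error messages. This is an added example, not part of the original posts and not iXsystems code; the function names and the "someuser" placeholder are hypothetical, while the nsswitch.conf lines and the FPLA workgroup are taken from the output posted above.

```python
import grp
import pwd
import re

# nsswitch.conf lines copied from the output posted above (sample input).
SAMPLE_NSSWITCH = """\
group: files winbind
hosts: files dns
passwd: files winbind
"""

def nss_sources(nsswitch_text):
    """Map each nsswitch database to its ordered list of source names."""
    sources = {}
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, _, rest = line.partition(":")
        # Drop action items such as [NOTFOUND=return]; keep only source names.
        sources[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return sources

def nss_lookup(name, kind="user"):
    """Resolve a name through NSS; return its numeric id, or None if not found."""
    try:
        if kind == "user":
            return pwd.getpwnam(name).pw_uid
        return grp.getgrnam(name).gr_gid
    except KeyError:
        # Python words this as "getpwnam(): name not found: '<name>'".
        return None

def diagnose(name, kind="user", workgroup=None, nsswitch_text=SAMPLE_NSSWITCH):
    """Report whether winbind is an NSS source and which name forms resolve."""
    db = "passwd" if kind == "user" else "group"
    # Try the bare name and, if a workgroup is given, the WORKGROUP\name form.
    candidates = [name] + ([f"{workgroup}\\{name}"] if workgroup else [])
    ids = {c: nss_lookup(c, kind) for c in candidates}
    return {
        "winbind_in_nsswitch": "winbind" in nss_sources(nsswitch_text).get(db, []),
        "resolved": {c: i for c, i in ids.items() if i is not None},
        "unresolved": [c for c, i in ids.items() if i is None],
    }

if __name__ == "__main__":
    # "someuser" is a placeholder; substitute a name that wbinfo -u lists.
    with open("/etc/nsswitch.conf") as fh:
        print(diagnose("someuser", "user", workgroup="FPLA", nsswitch_text=fh.read()))
```

A name that wbinfo -u lists but that ends up under "unresolved" here, while "winbind_in_nsswitch" is true, reproduces the situation in this thread: the domain trust works, but the NSS lookup path does not return the account.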
 