ndboost
Explorer
- Joined
- Mar 17, 2013
- Messages
- 78
This was originally a bug report that i filed, but i want to rule out any configuration errors on my side.. I have a win2k12 r2 server running ad w/ unix extensions, it is functioning properly as i have several linux boxes bind'd to the ad and auth is working.
Freenas is configured to use AD, with unix extensions enabled. as of the 6/12 nightly i am able to getent passwd, but not getent group. Users and groups show up in the GUI permissions screen, and running $id testuser returns the appropriate gid and gnames of those ad groups.
It seems just getent group doesnt want to work, and im not sure why. My worry is that something isnt configured properly or the issue will affect other areas and i wont know until ive moved this into prod and started loading data.
Only error i noticed in the logs when toggling Directory Services was these:
Jun 13 18:02:12 nas-test winbindd[55203]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections idmap range not specified for domain NAS-TEST
Jun 13 18:02:18 nas-test winbindd[56169]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections Could not get unix ID for SID S-1-5-21-156458747-2592556640-2594162967-500
That SID maps out to my DEVITA\Administrator user, he has an UID of 40001 and is showing up in getent passwd.
administrator:*:40001:30000:Administrator:/home/administrator:/bin/sh
If i su mikedevita as my user, and then run id it resolves the groups assigned to me properly..
[root@nas-test] /usr/local/etc# su mikedevita
$ id
uid=40000(mikedevita) gid=30000(domain users) groups=30000(domain users),30001(domain admins),30002(vmware admins),30003(vpn users),90000000(BUILTIN\administrators),90000001(BUILTIN\users),4294967295
but like i said getent group only returns local nas groups.
Freenas is configured to use AD, with unix extensions enabled. as of the 6/12 nightly i am able to getent passwd, but not getent group. Users and groups show up in the GUI permissions screen, and running $id testuser returns the appropriate gid and gnames of those ad groups.
It seems just getent group doesnt want to work, and im not sure why. My worry is that something isnt configured properly or the issue will affect other areas and i wont know until ive moved this into prod and started loading data.
Only error i noticed in the logs when toggling Directory Services was these:
Jun 13 18:02:12 nas-test winbindd[55203]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections idmap range not specified for domain NAS-TEST
Jun 13 18:02:18 nas-test winbindd[56169]: STATUS=daemon 'winbindd' finished starting up and ready to serve connections Could not get unix ID for SID S-1-5-21-156458747-2592556640-2594162967-500
That SID maps out to my DEVITA\Administrator user, he has an UID of 40001 and is showing up in getent passwd.
administrator:*:40001:30000:Administrator:/home/administrator:/bin/sh
If i su mikedevita as my user, and then run id it resolves the groups assigned to me properly..
[root@nas-test] /usr/local/etc# su mikedevita
$ id
uid=40000(mikedevita) gid=30000(domain users) groups=30000(domain users),30001(domain admins),30002(vmware admins),30003(vpn users),90000000(BUILTIN\administrators),90000001(BUILTIN\users),4294967295
but like i said getent group only returns local nas groups.
